General
-
Target
vir.exe
-
Size
88KB
-
Sample
230628-nnvp2aac7z
-
MD5
74b0eb7d15999dd0886e3a9b8616a5ca
-
SHA1
8ec77322cdd5a708e0aa22c830fe368770b12e6b
-
SHA256
55ebf6e1cf3205a0856278c48d7db5ad8c09d6349dd4dacb2ba29e28414b3e5f
-
SHA512
1e863277ef675dba35a3f1924b556f3980ad6f0cb1648e62e8ee1f8fec52eb752e5f6d757c28442e21f165f877562d6a8229cc276e30d80d79069f1e546a0779
-
SSDEEP
1536:s6GqLMyrR2t1Kz66wDCiX+ioXGAbhoZgmFcH0lGTnZKYWjFxCuxm9L:7L7rR2t1ooD+fnhoZgmFrGtEFxC/9L
Static task
static1
Malware Config
Extracted
xworm
opportunities-rendered.craft.ply.gg:39858
-
install_file
ctfmon.exe
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
BackUp
style-camps.craft.ply.gg:37572
Text attrib corrector
-
reg_key
Text attrib corrector
-
splitter
|Hassan|
Targets
-
-
Target
vir.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-