General
-
Target
rat.exe
-
Size
64KB
-
Sample
230728-k91avscf65
-
MD5
8aa7c1cb0920d957870c48e543c8d0b5
-
SHA1
a7ed7edffeb04b786617b28f7ffde11a84f4f855
-
SHA256
014f0d19ffeff49332c29c1c4edf16523928c822857fbde256d6da21bf6424e8
-
SHA512
7e5f9b77d1a97252b8d388bf42233649a9ecfb6ab6f41dd7756eab5c595c19e34673a670a0cc474e62cd3df0a1906eeb8dd500569dfad058680cd0eff3a509a1
-
SSDEEP
1536:TvDmGXoN36tcQviFw1WeHpYBnvbWfLteF3nLrB9z3nGaF9bUS9vM:TLmGXoN36tcQviFCbHCBn6fWl9zWaF9
Malware Config
Extracted
njrat
Platinum
MyBot
127.0.0.1:54077
steamwebhelper.exe
-
reg_key
steamwebhelper.exe
-
splitter
|Ghost|
Targets
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-