General
-
Target
s.exe
-
Size
23KB
-
Sample
231203-pxvbasbh64
-
MD5
4d0542e1d74a6be9dae377b16ddacc17
-
SHA1
cb0e366897672385e2bcad2a8c98b038a8b6cd99
-
SHA256
91997affc537134c5dcef64236568d14974ae3f5b4e2e3cf2330a6c0a2cd8c67
-
SHA512
645594fc8e9823ca68e0cd70e60022b330c1b233a4e2938579b4ca7010bfa62d36e1300070d68f25c7af3c43c3e1742036ab6f81971880e239069bfe9e7e993e
-
SSDEEP
384:zslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZ0Hk:EeEvwIlLMRpcnuxE
Behavioral task
behavioral1
Sample
s.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
s.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
njrat
0.7d
HacKed
43.249.38.36:5552
1c214698f485e7d0799a81ebc3c171f7
-
reg_key
1c214698f485e7d0799a81ebc3c171f7
-
splitter
|'|'|
Targets
-
-
Target
s.exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1
Windows Service
1
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1