General
-
Target
stub.exe_xor-packed.exe
-
Size
60KB
-
Sample
231206-2477yshfg7
-
MD5
f70109842c9126e15d1761576c307db3
-
SHA1
de3c99dbf7d5459a6e1ac4509d24cfe5504a3a99
-
SHA256
484e1d434e1896d2a44909d531a91b5083a1ebad3f726d5fd3b3a3105f8c3111
-
SHA512
ad35e7ffde96b5c9648fda4f89640a8bc5d1f88dd8caea0638d050e041268c23271ecb67ad165a2ba34b26475dac01996fe1bd4cf1b30f54a33d4d95a946a04d
-
SSDEEP
768:svW9wNRqQ9XIdHZ4fc/kexyGW2j+VwD+deiwqJf2tmEMotwJymFQypKwhafuxmsU:79w+MO45ex7V+mDsJ52cEJmmdiXYuOF
Static task
static1
Behavioral task
behavioral1
Sample
stub.exe_xor-packed.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
njrat
Platinum
HacKed
127.0.0.1:9017
Client.exe
-
reg_key
Client.exe
-
splitter
|Ghost|
Targets
-
-
Target
stub.exe_xor-packed.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-