General
-
Target
a0bbda280458cc74a17288e860365e68.exe
-
Size
37KB
-
Sample
231215-effrgaadak
-
MD5
a0bbda280458cc74a17288e860365e68
-
SHA1
0d5fef6b60995789e6ba74987d2f1b2941480a1f
-
SHA256
e6b30ab724c9658427dad7fb5807614bd5f3a1560f8c1d575cad5880ab5f5d8a
-
SHA512
05880b9f9d806278f62bbd3850d7b60480883f30e4046be03ee882c9660345f3665c96bff7d664361f96bea323fdd60c5aead1dc71f35d060e8aa6dcd3f1b9fe
-
SSDEEP
384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t
Behavioral task
behavioral1
Sample
a0bbda280458cc74a17288e860365e68.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
a0bbda280458cc74a17288e860365e68.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.eu.ngrok.io:13003
85592ba1e116123c97e1d147a877e6d2
-
reg_key
85592ba1e116123c97e1d147a877e6d2
-
splitter
|'|'|
Targets
-
-
Target
a0bbda280458cc74a17288e860365e68.exe
-
Size
37KB
-
MD5
a0bbda280458cc74a17288e860365e68
-
SHA1
0d5fef6b60995789e6ba74987d2f1b2941480a1f
-
SHA256
e6b30ab724c9658427dad7fb5807614bd5f3a1560f8c1d575cad5880ab5f5d8a
-
SHA512
05880b9f9d806278f62bbd3850d7b60480883f30e4046be03ee882c9660345f3665c96bff7d664361f96bea323fdd60c5aead1dc71f35d060e8aa6dcd3f1b9fe
-
SSDEEP
384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t
Score10/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1