General
-
Target
4fe09d3b83d90cfd1706b7e5b80f74fd
-
Size
1.3MB
-
Sample
240110-hm9jxabgc4
-
MD5
4fe09d3b83d90cfd1706b7e5b80f74fd
-
SHA1
a3fca1c3ff02c5b2b62774df7214efe0df600495
-
SHA256
cdce61baa490186d1ce2074803f0a8eccd235204ea2e2d0cf238ac3e776815d5
-
SHA512
f1ea705f133fe5234c172907fcb74864f123bf8d3ec6ca292c9de0da5808d88e736a55b3dabe60c40f9aed8796ce10f58fe2bab39d7b9dc905c0737790a445b0
-
SSDEEP
24576:COAOIk1U/U9ESiWy9EFFTZdXTZdHXTZdXTZnvR1BgkuC9WxrMhrJrEbeyN4ReNw1:SNGU+iSTZdXTZdHXTZdXTZnvRBX06rW4
Static task
static1
Behavioral task
behavioral1
Sample
4fe09d3b83d90cfd1706b7e5b80f74fd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4fe09d3b83d90cfd1706b7e5b80f74fd.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
njrat
0.7d
HacKed
4.tcp.ngrok.io:14914
Windows Update
-
reg_key
Windows Update
-
splitter
|'|'|
Targets
-
-
Target
4fe09d3b83d90cfd1706b7e5b80f74fd
-
Size
1.3MB
-
MD5
4fe09d3b83d90cfd1706b7e5b80f74fd
-
SHA1
a3fca1c3ff02c5b2b62774df7214efe0df600495
-
SHA256
cdce61baa490186d1ce2074803f0a8eccd235204ea2e2d0cf238ac3e776815d5
-
SHA512
f1ea705f133fe5234c172907fcb74864f123bf8d3ec6ca292c9de0da5808d88e736a55b3dabe60c40f9aed8796ce10f58fe2bab39d7b9dc905c0737790a445b0
-
SSDEEP
24576:COAOIk1U/U9ESiWy9EFFTZdXTZdHXTZdXTZnvR1BgkuC9WxrMhrJrEbeyN4ReNw1:SNGU+iSTZdXTZdHXTZdXTZnvRBX06rW4
Score10/10-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1