General
Target: Vikastart.exe
Size: 300KB
Sample: 240204-lhz2fsecd9
MD5: 23b4890371604997b7e48901d49025e6
SHA1: e3161be5784d4e2999e28b3fd637c71b3d2bffe4
SHA256: c35d91e2d4dbc130afb2d11901ffd72b7d5d29d7459324043b5c32d134f33ad7
SHA512: 63f8dff6f7d6886ebdd58c807862feb176ddd55c2e75ec3fee2935046e4d55ceaee8021b0c1a7c07f38a7a1b0a06492ae811a1ffa988e695ce05a1b0fb68ed55
SSDEEP: 6144:b4KlcJqDSB00ulESj3I9mlSLyqRuAHhL5sw0O:cgcE2B00uvj3IBuOq
Behavioral task
behavioral1
Sample: Vikastart.exe
Resource: win10-20231215-en
Malware Config
Extracted
njrat
im523
Tupoy
127.0.0.1:17210
61dd081a412f5774313c2d7466838144
reg_key: 61dd081a412f5774313c2d7466838144
splitter: |'|'|
Targets
Target: Vikastart.exe
Score: 10/10
Modifies Windows Firewall
Drops startup file
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)