General
-
Target
ae59fdf5c21e0dede4be06c7f82c2597
-
Size
24KB
-
Sample
240229-m4bfnaeh5x
-
MD5
ae59fdf5c21e0dede4be06c7f82c2597
-
SHA1
2cb4d3ed40d4958a3e3e1ddfebfd42fc49affa17
-
SHA256
7bc5235538284e3133614ad8992df1a6c758250c9afe4e6ba83a1aff4c11d579
-
SHA512
c14c03e9d103b76623344e5b6b9d7f1da65dc352ce48a778519ab99fe475071d126b3fdd56cb4491197fd55e628728319a0e646295bc5971ebd08d55b04980b6
-
SSDEEP
384:jn4rb34wknPfHM+Jcu8e7Orz210wAQu1kDVkuZvxEYRo+AM0dTYmPW5iF9cAHF:OoFMHl4azLTF1YkiJEYRo+DDYW0eAHF
Static task
static1
Behavioral task
behavioral1
Sample
ddos.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ddos.vbs
Resource
win10v2004-20240226-en
Malware Config
Extracted
njrat
0.7d
HacKed
karrar123.ddns.net:1177
50c3e7591aec55d568f0177f1a3e4984
-
reg_key
50c3e7591aec55d568f0177f1a3e4984
-
splitter
|'|'|
Targets
Target
ddos.vbs
-
Size
1.5MB
-
MD5
5c9043e6d5d880c87bb2fb80a5723deb
-
SHA1
aca5afc74bc860cb5e9c26002e9249fbd62d75cc
-
SHA256
7205b3c6b53b979a326b63abef76d355647688f57d70f342968a3d6c584b17f0
-
SHA512
c7fa0b46cb33017ffe5181df34f8e385b9d59e6b6773050d738342a27dcc2f7831dc62dc6a6c7cc48b50c0e82030f6a8ab8e7f882098eff9760e32fa945f6bf5
-
SSDEEP
768:6gztz/OouIbXBvWBVTiN6+t5YoW1LevSPltuqXCpTIT/LIB8Ev/ZLtmXBE4wEhMW:6gM
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1