General
-
Target
svchost (2).exe
-
Size
37KB
-
Sample
240416-29p9bsgg9v
-
MD5
4b35f87adde9db4df4775e739743c59c
-
SHA1
fee7574a5f039051dcb2d63fa8cdf94e61558b35
-
SHA256
7395078c587f6da109eaead4135c47967babf6ffb93509f0a15e60eedbc7f8f2
-
SHA512
e144ffd9ffe089712465f1b89178e6804d4b3b8aec04e8b0b30d231797aef9d4c735acc8aab0c622e6873ef07095b259ef87fc70a4174dd07d578ed668a6260e
-
SSDEEP
384:Ad8TgiG1CnZfursvO6ysz6jIvxATH2DirAF+rMRTyN/0L+EcoinblneHQM3epzXW:W8H5Wpsz6jIWD2GrM+rMRa8Nubl2t
Behavioral task
behavioral1
Sample
svchost (2).exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
svchost (2).exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
HacKed
tue-jake.gl.at.ply.gg:29058
f6f9a84d017975575db803dfc5b5c146
-
reg_key
f6f9a84d017975575db803dfc5b5c146
-
splitter
|'|'|
Targets
Target
svchost (2).exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1