General
Target: ImmortaLFort.rar
Size: 11.5MB
Sample: 240419-1r13fage59
MD5: 0e7c7aa36ec5edf8a42cd9ca5b68bd06
SHA1: 457c6d05f7289ab90590d9ec3fc84b6b2f0a97a6
SHA256: f51422da0c91f9c2dcd1e87e61f0a59f64cd71915a006fd83f67be96e8cd31a5
SHA512: e265e7f7ba57d90ff24c06af66e769cc2ed1c894f9aad05e75aae7d2281f672da3966950f016a6124eac12d903df0b0d7562cd8f151b9e8f334b2760f451444b
SSDEEP: 196608:iZ6TK8TtLDMZ9w0Ls+xpTtRg5zEFhsk1T9urdYE7tRPYA+tzNY2hixKXl/4lxk:iZ6tTtLDA7xpT5hv+RkpAK1/4bk
Static task: static1
Behavioral task: behavioral1
Sample: ImmortaL/Launcher.exe
Resource: win10v2004-20240412-en
Behavioral task: behavioral2
Sample: ImmortaL/WinRT.Runtime.dll
Resource: win10v2004-20240412-en
Behavioral task: behavioral3
Sample: ImmortaL/launcherimortal.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: njrat
Platinum
MrSvch0st
127.0.0.1:1337
notpad.exe
reg_key: notpad.exe
splitter: |Ghost|
Targets
Target: ImmortaL/Launcher.exe
Size: 19.9MB
MD5: 9319baa845014b9b1b19c74d71b3102f
SHA1: abd3a8d4b66c8ae234c3c364418c7f36496971c3
SHA256: b5b06a1fc40c1f61198aec7becfcd62a0d3da7a19e48166b8f8e98840a2ca7fe
SHA512: 2619a014ae87c5942f5c672981cc7121650057c2f6e0be74426942eebf6f54d457b6f5860e9fedb83ab3257e466a4b0ad7ed4671867f8b5f46a8de91793eb45f
SSDEEP: 393216:QsJU/P2y1sMts1jn0xnJ6A0C2jQ1riHfqXAU6S:QsJU/uB1jn0xnJ50C2M1eUT
Score: 1/10
Target: ImmortaL/WinRT.Runtime.dll
Size: 389KB
MD5: 0966745c6b954e7bbd15459756a106c6
SHA1: f6efa62a95b4f40c84341ed58c1d3c8d5af2111d
SHA256: 4977a1e6dcee4c3310a68e20f2879cf39b95255e29f3fd7557781e058445cb9b
SHA512: ab8a07fdf72315ffaa49271faca6d0d6523b3480d53fd6f5225fdfcb41ee099e3b401872a684016ed02d347b48eae3467185b6e9dcd16994c0b7e3c562e9a047
SSDEEP: 6144:WlOYSCIkSjwAF56b5uuXzAOJPvcFVloAFJpR0krlFo/UkjYPqNHav96iTtq7CYm:WQvCZoKN/DelFo/tNHav96iTtq5m
Score: 1/10
Target: ImmortaL/launcherimortal.exe
Size: 8.0MB
MD5: 27e834cd6f7f5f0d56a8c1f50d7c8ec9
SHA1: edb4639e5b684ecc1a0d0b5676a890a58656c6e8
SHA256: 850be50676a9696f263611dfce1c11fea0c3cf211fef0b9f9fccadf500135435
SHA512: 3a99d21b87ad47801ee8fb81b90570daaac4d0f771963dab0c7f1b9e848e05b89a57b4c7e90d8753dc56cefcef4f5f8a122c12b1f51cfbb950e848f408b74087
SSDEEP: 49152:RTWfqjVmnGoZCIKmqeinNEn3JKaBZfeYy9VwjwXzl4V4Tu0sYDcXYTWfMsoPRfjd:KxHnaeiQ7BZG39
Score: 10/10
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext