General
-
Target
ImmortaLFort.rar
-
Size
11.5MB
-
Sample
240419-1s4jyshd3t
-
MD5
0e7c7aa36ec5edf8a42cd9ca5b68bd06
-
SHA1
457c6d05f7289ab90590d9ec3fc84b6b2f0a97a6
-
SHA256
f51422da0c91f9c2dcd1e87e61f0a59f64cd71915a006fd83f67be96e8cd31a5
-
SHA512
e265e7f7ba57d90ff24c06af66e769cc2ed1c894f9aad05e75aae7d2281f672da3966950f016a6124eac12d903df0b0d7562cd8f151b9e8f334b2760f451444b
-
SSDEEP
196608:iZ6TK8TtLDMZ9w0Ls+xpTtRg5zEFhsk1T9urdYE7tRPYA+tzNY2hixKXl/4lxk:iZ6tTtLDA7xpT5hv+RkpAK1/4bk
Static task
static1
Behavioral task
behavioral1
Sample
ImmortaL/launcherimortal.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
Platinum
MrSvch0st
127.0.0.1:1337
notpad.exe
-
reg_key
notpad.exe
-
splitter
|Ghost|
Targets
Target
ImmortaL/launcherimortal.exe
-
Size
8.0MB
-
MD5
27e834cd6f7f5f0d56a8c1f50d7c8ec9
-
SHA1
edb4639e5b684ecc1a0d0b5676a890a58656c6e8
-
SHA256
850be50676a9696f263611dfce1c11fea0c3cf211fef0b9f9fccadf500135435
-
SHA512
3a99d21b87ad47801ee8fb81b90570daaac4d0f771963dab0c7f1b9e848e05b89a57b4c7e90d8753dc56cefcef4f5f8a122c12b1f51cfbb950e848f408b74087
-
SSDEEP
49152:RTWfqjVmnGoZCIKmqeinNEn3JKaBZfeYy9VwjwXzl4V4Tu0sYDcXYTWfMsoPRfjd:KxHnaeiQ7BZG39
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)