General
-
Target
20dbb88ce314427e129474f51e509674f019c31b373101a1edd5de88f74c4af3
-
Size
17KB
-
Sample
240419-v1s6asbd5v
-
MD5
cd0867b8084993dd7b694268c8def87a
-
SHA1
b02fa7a4781ad1479d4275e1f159daf4e645552b
-
SHA256
20dbb88ce314427e129474f51e509674f019c31b373101a1edd5de88f74c4af3
-
SHA512
cc5e87863e1850e900a6910692435e5027d1d3c4c393b3a3880935f388b862e6a8a3c1b322522a0270f182360f024e2fe4327954df161849592457a8cd9cab7b
-
SSDEEP
384:RIXYd926CMlgXj3xiLYkJPyPPtz8RrYeUHgKDX:926CMlgXjhhIPy9c/UHg2
Behavioral task
behavioral1
Sample
7d5a7a36c5dec7d16bd7f3abf823879346d4ad40cea0beeeab483ba702ba9a5b.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
7d5a7a36c5dec7d16bd7f3abf823879346d4ad40cea0beeeab483ba702ba9a5b.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
HacKed
potential-instances.gl.at.ply.gg:24675
eae2d0d75b0c1d402f8fd7a128486e82
-
reg_key
eae2d0d75b0c1d402f8fd7a128486e82
-
splitter
|'|'|
Targets
Target
7d5a7a36c5dec7d16bd7f3abf823879346d4ad40cea0beeeab483ba702ba9a5b.exe
-
Size
37KB
-
MD5
c6c9c443276de08f55e112ae8b9805ba
-
SHA1
7041fbd93d486852df9e7a31cd07e3fa9a38e061
-
SHA256
7d5a7a36c5dec7d16bd7f3abf823879346d4ad40cea0beeeab483ba702ba9a5b
-
SHA512
4a85d147e8e5b4eb2d00670f67eda5b591bab6206f9691232676aaa2e8b2189ee16e3dfba84e58b443d3281ee8fcc8118e96daf9218629b0eb2120499c94b2c4
-
SSDEEP
384:ZnXyi0mnCVpd3vVmyhKrxTPaczmjcYx03IrAF+rMRTyN/0L+EcoinblneHQM3epP:1BANVdhKrFPa/bx0YrM+rMRa8NuQctN
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)