General
-
Target
791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
-
Size
16KB
-
Sample
240419-v8e9eabf81
-
MD5
905f2ebbb68d3b9a26b25865dcd8df1b
-
SHA1
80a392537495b48e8084dea74250e6603e2d45f5
-
SHA256
791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
-
SHA512
3198a668410a6054c53cc36c29ebf0351846720c8c5ac3e58de579474527b5bf99d10f33958ec6c298c76379e6a37da30df6bd077d03f8b66babff261af4e3e5
-
SSDEEP
384:x1FKN7jBCufsvVhqYjb3efF4OSUfwRbek0a8BdXQRusvKh4dk:x1FKN7jBC2svVLj7mxSGMl8BFQbvK2k
Behavioral task
behavioral1
Sample
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:15574
3af7f2b1f33dad1da92e7f8ffbbc0386
-
reg_key
3af7f2b1f33dad1da92e7f8ffbbc0386
-
splitter
|'|'|
Targets
-
-
Target
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
-
Size
37KB
-
MD5
5c0fbebc21d4edf3759244438fc479ae
-
SHA1
a5a9bb372be9d679be2795e2a2f42250b43a3d51
-
SHA256
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5
-
SHA512
96d33662575ccaa7b7adb24c15f3599c6203f66fb585f7d187829492f85d5995dbda5b80ab72960abae004188fd6ff1b6467093fdabba5331e6ce365156396a9
-
SSDEEP
384:C+8vEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXm:r87TZ38fvCv3E1cQrM+rMRa8Nul+t
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1