General
Target
849da44503aec8838a4db0d2a013b2e04ddb4a7511bb6b97b737ed636cb64eb3
Size
30KB
Sample
240419-vwkncsad75
MD5
2bdb24869a1bb74126fa53198e473ed9
SHA1
e1aacc5c5f18ca68eeab6458183362d117d76875
SHA256
849da44503aec8838a4db0d2a013b2e04ddb4a7511bb6b97b737ed636cb64eb3
SHA512
e2f1bdb0aaea611db335551adfc52359d252afaf84029c4bce307b7c9ca6108e45c48ceda5a870efed406ceffb6fe9e53fbcbc8b28beb5bfa3e5cf765ff2e307
SSDEEP
768:umqvkCwmYfSKE/Bq0AOknk1d4L5qX0bW6FIo:AvrgfnE/k0Wod4w0bW9o
Behavioral task
behavioral1
Sample
246ab25a7240d684c1a6bf5abd6bcd6f13e0d86c97940883bc249e2b7cb23853.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
246ab25a7240d684c1a6bf5abd6bcd6f13e0d86c97940883bc249e2b7cb23853.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
Platinum
HacKed
127.0.0.1:11964
Exspa.exe
reg_key
Exspa.exe
splitter
|Ghost|
Targets
Target
246ab25a7240d684c1a6bf5abd6bcd6f13e0d86c97940883bc249e2b7cb23853.exe
Size
65KB
MD5
2fb7fc0949aa14070e5e5d1ec37d48e7
SHA1
9b0043790d9881f690e11086004d3218648d9c22
SHA256
246ab25a7240d684c1a6bf5abd6bcd6f13e0d86c97940883bc249e2b7cb23853
SHA512
13a475df0962a72f8c817511dbda22efb07c41167ebac229c7b0193a88c0f6bf383025e1327732b152d8a53ab4358d4b40d3c6f4b09cc3881165bda826e16f3b
SSDEEP
1536:FIkoUoN36tSQviFw1gnRuBnvbLfLteF3nLrB9z3nNaF9bIS9vM:FIkoUoN36tSQviFC08BnHfWl9zdaF9bw
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2