General
-
Target
mason.exe
-
Size
37KB
-
Sample
240522-gckx5adf86
-
MD5
a0f12925c12879a07c9be4ab0af9403b
-
SHA1
4c51dd1593f37b84e8a8f862bc3331a4e346e10c
-
SHA256
085c75ce23e613be57511c5a2dc46b27ae0311ba058e7299ffdbf0226047b3e9
-
SHA512
9c33817572ff1ae66dafb7f6b589ad48fa62831738fc02240969f7df47895f55d257a35ed38f13b6d1b288d67fa68a6173c2344088bdaec880d2d4cbec538765
-
SSDEEP
384:WmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3X:wFdGdkrgYRwWS0rM+rMRa8NuIuELt
Behavioral task
behavioral1
Sample
mason.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
mason.exe
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
mason.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
mason.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
mason.exe
Resource
win11-20240419-en
Malware Config
Extracted
njrat
im523
HacKed
2.tcp.eu.ngrok.io:10614
dc3ed1d63dce2fa967ece36fb1f7673e
-
reg_key
dc3ed1d63dce2fa967ece36fb1f7673e
-
splitter
|'|'|
Targets
-
-
Target
mason.exe
-
Size
37KB
-
MD5
a0f12925c12879a07c9be4ab0af9403b
-
SHA1
4c51dd1593f37b84e8a8f862bc3331a4e346e10c
-
SHA256
085c75ce23e613be57511c5a2dc46b27ae0311ba058e7299ffdbf0226047b3e9
-
SHA512
9c33817572ff1ae66dafb7f6b589ad48fa62831738fc02240969f7df47895f55d257a35ed38f13b6d1b288d67fa68a6173c2344088bdaec880d2d4cbec538765
-
SSDEEP
384:WmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3X:wFdGdkrgYRwWS0rM+rMRa8NuIuELt
Score8/10-
Modifies Windows Firewall
-
Legitimate hosting services abused for malware hosting/C2
-