General
-
Target
e01df4c5286089fb07206d0c3b7c245b5321a88fb9e19e413ca431608a0e7e84.exe
-
Size
5.2MB
-
Sample
240522-rywa4aee59
-
MD5
4b33f2982aa4df81f65b713a7e398b3c
-
SHA1
630b0be15443733a06412b072441ec00075e2f83
-
SHA256
e01df4c5286089fb07206d0c3b7c245b5321a88fb9e19e413ca431608a0e7e84
-
SHA512
7efceddfe0d85ea082650d47e3897dd35b3117154fa20b391f2db8626bcb2a3ba04bb0ae3e7efff9fb5585c4c95262f0669c7aa72ff322a8138cb35d8d841205
-
SSDEEP
98304:Oh9o1ezhQcSZcOb+sX1ZvbeG4Z0FGRABTgtse6vzovknQp:Oh9hhQcERCsXDjfZkJMQp
Behavioral task
behavioral1
Sample
e01df4c5286089fb07206d0c3b7c245b5321a88fb9e19e413ca431608a0e7e84.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e01df4c5286089fb07206d0c3b7c245b5321a88fb9e19e413ca431608a0e7e84.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
Platinum
HacKed
127.0.0.1:8848
SecurityHealthService.exe
-
reg_key
SecurityHealthService.exe
-
splitter
|Ghost|
Targets
-
-
Target
e01df4c5286089fb07206d0c3b7c245b5321a88fb9e19e413ca431608a0e7e84.exe
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-