General
-
Target
New Client.exe
-
Size
167KB
-
Sample
240620-yx65jazdjj
-
MD5
aff7f6841207d3f856b402c10b98ba3b
-
SHA1
9c546d837abea8668bf4aba214b8d276c29e3a94
-
SHA256
12f7ba7143aee8b5f1b1af523be033dd305c39af612b8de1057b461af934d97f
-
SHA512
bf4c0ecb59dd80eb3e19f0435fed148bfec6ff5d5631aab20ad6e9d61839ba7c5b9cafde1a01a421d06cc492693f64fdb9abb2297afbb4ac7d9105476745fe79
-
SSDEEP
3072:f6eOfoN36tLQviFCu9BnxpfWl9zRaF9bPYvM+UJ8T2SXZyrgoBJtbN/3MCK2kev0:fMk9zdvMA/JdSI5eb
Behavioral task
behavioral1
Sample
New Client.exe
Resource
win10-20240404-en
Malware Config
Extracted
njrat
Platinum
LOX
127.0.0.1:10935
Microsoft Edge
-
reg_key
Microsoft Edge
-
splitter
|Ghost|
Targets
Target
New Client.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Disables Task Manager via registry modification
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Event Triggered Execution (1)
Change Default File Association (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)