General
Target: New Client.exe
Size: 167KB
Sample: 240620-yzkz3szdmn
MD5: e6ec637308ff2cde1fe5baaa146c67be
SHA1: d7e58f694bd75d02ac030c772057fe5d2fd0bfae
SHA256: 1ac26028d344cbe42b344de82f45736c51347e1a4e7cd3175fe6a3d746e0c5ca
SHA512: b89092e2b4e60fb728cb71355853a5897e60c0cba93ff357ee3f13b6ad8693cf387c1f0ddb2971aa465658c44622f76ba674a579e0731616c6d1af21f5be7ec3
SSDEEP: 3072:QWeOfoN36tLQviFCuoBn8pfWl9zRaF9bEYvM+UJ8T2SXZyrgoBJtbN/3MCK2kev0:QI49zGvMA/JdSI5eb
Behavioral task
behavioral1
Sample: New Client.exe
Resource: win10-20240404-en
Malware Config
Extracted
Family: njrat
Platinum
LOX
127.0.0.1:10935
Microsoft Edge
reg_key: Microsoft Edge
splitter: |Ghost|
Targets
Target: New Client.exe
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

Detect Neshta payload

Neshta
Malware from the Neshta family infects other files in order to spread itself and cause damage.

Process spawned unexpected child process
This typically indicates that the parent process was compromised via an exploit or a macro.

Disables Task Manager via registry modification

ACProtect 1.3x - 1.4x DLL software
Detects a file that uses ACProtect software.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Event Triggered Execution (1)
Change Default File Association (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)