General
-
Target
445c58c5c3422efe4af4f7963cf64f7e7476aea0b59fa3305b7dec51d613eb39.exe
-
Size
37KB
-
Sample
240718-tmf35szakg
-
MD5
12b2b849d8192f9858bb6a780d53eb37
-
SHA1
3727d88c7c8af8b20b06b6f22511cfc86275661e
-
SHA256
445c58c5c3422efe4af4f7963cf64f7e7476aea0b59fa3305b7dec51d613eb39
-
SHA512
598f522406a72ca51d0aff5cc97b9f0d8d9558f1cd920309a4c10c6bbc174fbe687864b3f725f388bf46efcc4996b50361809d3b41d1842f7d0662d068806783
-
SSDEEP
768:KEnIaSE5j1vjep4aVkOrM+rMRa8NuYqtN:ZnI3E5pbep9iR+gRJNj
Behavioral task
behavioral1
Sample
445c58c5c3422efe4af4f7963cf64f7e7476aea0b59fa3305b7dec51d613eb39.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
445c58c5c3422efe4af4f7963cf64f7e7476aea0b59fa3305b7dec51d613eb39.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
njrat
im523
HacKedbyCSAimBotCheathehehe
RomanPrasko-43071.portmap:43071
6dab89b2fd31a596dbc4d84659041fc5
-
reg_key
6dab89b2fd31a596dbc4d84659041fc5
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Event Triggered Execution
Netsh Helper DLL
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Event Triggered Execution
Netsh Helper DLL