General
Target: Systeminteracts (32 bit).exe
Size: 37KB
Sample: 240726-hgw2masbrm
MD5: fb3f9f675ace4b0e2e3938b40b4a016e
SHA1: e45bd61c9830bbdaa413f1e5addf2e05c9ccfd6e
SHA256: d2673072e29073998e65da0023a0f4f6d96493ecdfbfee84b044b1947eef11d5
SHA512: ebd2ff3940962155c9ee78dced5a2a2967f81084707e111a47af7fc60109996f4c87ab962c3deac1336464677b99cb48ea3ef76315cedcfd68232678439505f9
SSDEEP: 384:ISAjrUiS6L1G5k2gyk/8If5e/QUZSiKrAF+rMRTyN/0L+EcoinblneHQM3epzXr6:sjz32bk/8IQYUZStrM+rMRa8Nutqt
Behavioral tasks
behavioral1: Systeminteracts (32 bit).exe on win7-20240705-en
behavioral2: Systeminteracts (32 bit).exe on win10v2004-20240709-en
Malware Config
Extracted: njrat
Version: im523
Botnet: HacKed
C2: 20.ip.gl.ply.gg:55257
Mutex: 319c1637f1925d788496e1f3109ae4f7
Attributes:
  reg_key: 319c1637f1925d788496e1f3109ae4f7
  splitter: |'|'|
The C2 hostname is under ply.gg, the playit.gg tunnelling service, so the host:port is a relay leased by the operator rather than operator-owned infrastructure; pivot on the host:port pair (and the mutex/reg_key value, which is also the Run key value name) rather than on whatever IP the relay resolves to at a given moment.
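The splitter and C2 above are directly usable for network detection. The following is an added example and is not code from the report or from the njRAT project: a Python decoder for the length-prefixed framing njRAT-family clients use on the wire (decimal length, a NUL byte, then the payload, with fields separated by the configured splitter). It reassembles frames across arbitrary TCP segment boundaries, rejects a desynchronised stream, and recovers the campaign name from a registration beacon. The beacon bytes, host name, user, date and volume serial are constructed; the field layout of the `ll` beacon is an assumption stated in the code.

```python
"""Decode njRAT-style framed messages using the splitter from the extracted config.

Added example; not code from the sandbox report or from njRAT itself.
Framing assumed here (matches public njRAT samples): each message on the
wire is '<decimal length>\\x00<payload>' and payload fields are separated
by the splitter string.  All sample traffic below is CONSTRUCTED.
"""
from __future__ import annotations

import base64

SPLITTER = b"|'|'|"                           # "splitter" attribute from the extracted config
C2_HOST, C2_PORT = "20.ip.gl.ply.gg", 55257   # "C2" from the extracted config


class NjRatFrameDecoder:
    """Reassemble '<len>\\x00<payload>' frames from an arbitrarily segmented byte stream."""

    def __init__(self, splitter: bytes = SPLITTER) -> None:
        self.splitter = splitter
        self.buf = b""

    def feed(self, data: bytes) -> list[list[bytes]]:
        """Append a TCP segment; return every frame completed by it, as field lists."""
        self.buf += data
        frames: list[list[bytes]] = []
        while True:
            nul = self.buf.find(b"\x00")
            if nul == -1:
                break                                   # length prefix not complete yet
            prefix = self.buf[:nul]
            if not prefix.isdigit():
                raise ValueError(f"bad length prefix {prefix!r}: stream desynchronised")
            start, end = nul + 1, nul + 1 + int(prefix)
            if len(self.buf) < end:
                break                                   # payload not complete yet
            frames.append(self.buf[start:end].split(self.splitter))
            self.buf = self.buf[end:]
        return frames


def frame(payload: bytes) -> bytes:
    """Encode a payload the way the client does; used here only to build sample traffic."""
    return str(len(payload)).encode() + b"\x00" + payload


def victim_id(fields: list[bytes]) -> tuple[str, str]:
    """Return (campaign, hwid) from a registration ('ll') beacon.

    ASSUMPTION: field 1 of the beacon is base64('<campaign>_<volume serial>').
    That layout is seen in public njRAT samples but is not stated in the report.
    """
    if not fields or fields[0] != b"ll":
        raise ValueError("not a registration beacon")
    campaign, _, hwid = base64.b64decode(fields[1]).decode("ascii", "replace").rpartition("_")
    return campaign, hwid


# CONSTRUCTED registration beacon: host name, user, date and serial are made up;
# 'HacKed' and 'im523' are the Botnet and Version values from the extracted config.
BEACON = SPLITTER.join([
    b"ll", base64.b64encode(b"HacKed_5F3A9C12"), b"DESKTOP-LAB01", b"analyst",
    b"24-07-26", b"", b"Win 10 Pro SP0 x64", b"No", b"im523", b"..", b"",
])


def demo() -> dict:
    """Decode a constructed stream delivered in two segments that split the first frame."""
    stream = frame(BEACON) + frame(b"P")      # second frame is a short constructed follow-up
    dec = NjRatFrameDecoder()
    frames = dec.feed(stream[:20]) + dec.feed(stream[20:])
    campaign, hwid = victim_id(frames[0])
    return {"frames": len(frames), "campaign": campaign, "hwid": hwid,
            "fields": len(frames[0]), "leftover": len(dec.buf)}


if __name__ == "__main__":
    print(demo())
```

Because the length prefix is plain ASCII digits, the first 20 bytes of the stream already contain the whole prefix but not the payload, so the first `feed` returns nothing and the second returns both frames; a non-digit prefix means the decoder has lost sync (for example after joining a stream mid-connection) and it raises rather than guessing.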
Targets
Target: Systeminteracts (32 bit).exe
Signatures
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, a web browser credential store.
- Modifies Windows Firewall.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Drops startup file.
- Executes dropped EXE.
- Loads dropped DLL.
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Uses the VBS compiler for execution. This signature fires on vbc.exe, the .NET Visual Basic compiler, which njRAT builds commonly spawn as an injection host.
- Adds Run key to start application.
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file. Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext. Taken together with the vbc.exe signature above, this is consistent with process hollowing (start vbc.exe suspended, replace its image, redirect the main thread with SetThreadContext). If so, the C2 traffic and credential access will appear under vbc.exe rather than under the dropped EXE.
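Most of these signatures map onto a handful of Sysmon events (process create, file create, registry value set). The following is an added example, not code from the report: detection logic in Python that classifies constructed Sysmon-style events against the behaviours listed above and the reg_key from the extracted config, then correlates hits per acting process so that a lone Run-key write, which is common benign noise, is not reported on its own. The event records, SID, paths and drive letter are constructed; the heuristic that vbc.exe launched by a parent under a user-writable AppData path is suspicious is an assumption of this example.

```python
"""Correlate Sysmon-style events against the behaviours this sample was flagged for.

Added example; not code from the sandbox report.  Field names follow Sysmon
(EventID 1 process create: Image, CommandLine, ParentImage; EventID 11 file
create: TargetFilename; EventID 13 registry value set: TargetObject).  The
event records, SID, paths and drive letter are CONSTRUCTED; the vbc.exe
parent heuristic is an assumption of this example.
"""
from __future__ import annotations

import re

REG_KEY = "319c1637f1925d788496e1f3109ae4f7"   # reg_key from the extracted config
SAMPLE = r"C:\Users\lab\AppData\Local\Temp\Systeminteracts (32 bit).exe"   # constructed path
RUN_PATH = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"
STARTUP = r"C:\Users\lab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
AUTORUN_ROOT = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
NETSH_FW = re.compile(r"netsh(\.exe)?\s+(firewall\s+add\s+allowedprogram|advfirewall\s+firewall\s+add\s+rule)", re.I)
VBC = re.compile(r"\\vbc\.exe$", re.I)
# ASSUMPTION: vbc.exe spawned by a parent living under a user's AppData is an
# injection host, not a build; legitimate builds come from MSBuild/IDE paths.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def classify(ev: dict) -> list[str]:
    """Return the report's signature names that one event matches (possibly none)."""
    hits: list[str] = []
    eid = ev["EventID"]
    if eid == 13:
        target = ev.get("TargetObject", "")
        if RUN_KEY.search(target):
            hits.append("Adds Run key to start application")
            if target.lower().endswith("\\" + REG_KEY):
                hits.append("Run key value named after njRAT reg_key")
    elif eid == 11:
        path = ev.get("TargetFilename", "")
        if STARTUP_DIR.search(path):
            hits.append("Drops startup file")
        if AUTORUN_ROOT.search(path):
            hits.append("Drops autorun.inf file")
    elif eid == 1:
        if NETSH_FW.search(ev.get("CommandLine", "")):
            hits.append("Modifies Windows Firewall")
        if VBC.search(ev.get("Image", "")) and USER_WRITABLE.search(ev.get("ParentImage", "")):
            hits.append("Uses the VBS compiler for execution")
    return hits


def triage(events: list[dict], min_signatures: int = 2) -> dict[str, list[str]]:
    """Group hits by acting process and keep only processes that trip several signatures.

    For process-create events the actor is the parent (it spawned netsh/vbc);
    for file and registry events it is the writing process.  A lone Run-key
    write is common benign noise and is dropped by the threshold.
    """
    per_actor: dict[str, set[str]] = {}
    for ev in events:
        actor = ev.get("ParentImage", "") if ev["EventID"] == 1 else ev.get("Image", "")
        for hit in classify(ev):
            per_actor.setdefault(actor, set()).add(hit)
    return {a: sorted(h) for a, h in per_actor.items() if len(h) >= min_signatures}


# CONSTRUCTED events: the first five mimic what the report's signatures describe,
# the last two are benign activity that must not be reported.
EVENTS = [
    {"EventID": 13, "Image": SAMPLE, "TargetObject": RUN_PATH + "\\" + REG_KEY, "Details": SAMPLE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": STARTUP + "\\" + REG_KEY + ".exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": SAMPLE,
     "CommandLine": f'netsh firewall add allowedprogram "{SAMPLE}" "Systeminteracts (32 bit).exe" ENABLE'},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "ParentImage": SAMPLE,
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "TargetObject": RUN_PATH + r"\OneDrive",
     "Details": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": "vbc.exe /noconfig @build.rsp"},
]

if __name__ == "__main__":
    for actor, hits in triage(EVENTS).items():
        print(actor, "->", ", ".join(hits))
```

Only the sample's path survives the threshold: it accumulates six distinct signatures, explorer.exe's OneDrive Run key write is a single low-value hit, and vbc.exe spawned by MSBuild matches nothing. In a real deployment the grouping key would be Sysmon's ProcessGuid (or ParentProcessGuid for EventID 1) rather than the image path, which the constructed events omit.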
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1): Disable or Modify System Firewall (1)
  Modify Registry (2)
  Scripting (1)
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers (1)
  Unsecured Credentials (2): Credentials In Files (2)
No signature above reports a service being created or a netsh helper DLL being registered; the Windows Service and Netsh Helper DLL rows are automatic mappings (the firewall change is made through netsh.exe) and should be treated as low confidence until the process and registry events confirm them.