Overview

overview

10

Static

static

10

gamesense crack.rar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gamesense crack.rar

  • Size

    8.9MB

  • Sample

    240819-pgkf6atcna

  • MD5

    5d6bb82b4aee939f88f5b7c268e39ad0

  • SHA1

    b940594fbc56b00464d030c58ed8a5dd4dd3765a

  • SHA256

    52e6b23b06e40d27f1ddfee92af9286f7cd466c331bcbb3ebeba402b38874c58

  • SHA512

    0f9e758839cd0f13b0d097817de5b273cb2e85eae132fe4fb1f403265dea6c987ee6f264ba514b58d55b2d6883179693dc60baeeb53809c892d6f71bcfa2a7c4

  • SSDEEP

    6144:TFUmJOJu/3f+BLtABPDdNF6daduZTjAHUtVU141V6GIeyXuRA1D0C1XF:TFUmxZNQxZTjA0tEY69eyXT1DjXF

Score
10/10
44calibernjratanonymuscredential_accessdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/850434657128677426/NKtzHjpXTc8DWd5W7crWJQCaeVPSDZfP98WZ2JMx4BYhJfWt9hwb4ZsH-AtwJO41HgKu

Extracted

Family

njrat

Version

0.7d

Botnet

Anonymus

C2

hakim32.ddns.net:2000

82.202.167.67:5552
Mutex

891eb3526ecd6f2db1ef6d8512ec6014

Attributes
  • reg_key

    891eb3526ecd6f2db1ef6d8512ec6014

  • splitter

    |'|'|

Targets

    • Target

      gamesense crack.rar

    • Size

      8.9MB

    • MD5

      5d6bb82b4aee939f88f5b7c268e39ad0

    • SHA1

      b940594fbc56b00464d030c58ed8a5dd4dd3765a

    • SHA256

      52e6b23b06e40d27f1ddfee92af9286f7cd466c331bcbb3ebeba402b38874c58

    • SHA512

      0f9e758839cd0f13b0d097817de5b273cb2e85eae132fe4fb1f403265dea6c987ee6f264ba514b58d55b2d6883179693dc60baeeb53809c892d6f71bcfa2a7c4

    • SSDEEP

      6144:TFUmJOJu/3f+BLtABPDdNF6daduZTjAHUtVU141V6GIeyXuRA1D0C1XF:TFUmxZNQxZTjA0tEY69eyXT1DjXF

    Score
    10/10
    44calibernjratanonymuscredential_accessdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

2
T1005

Command and Control

Exfiltration

Impact

Tasks