General
Target: vanity crack.rar
Size: 31KB
Sample: 240831-vcc46svcjq
MD5: e7e8c447e2a7de8de4c5c30ec43516b5
SHA1: d13bf36e5819017c82ca0e4e6ab42fa9bbf1321b
SHA256: c53d5de0df7c54c81828d7994d012b3368300bb8c8181327a9759b11756a4a30
SHA512: c0bc741643aa5fa8cf7588130a401c41c6b0d51dc32809f684975d073eedc9afee22a94b2ed91c7c6cdf286a0270f6943def3e62b2cae816ad7758161ad11258
SSDEEP: 768:1X94hip/QgtAzaDwwxklM4Isr+uGV9I2K3anB8YYHqWYVt:1XyhYbAza8KCGVm2K3ainqt
Behavioral task: behavioral1
Sample: vanity crack.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: vanity crack.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
147.185.221.22:26711
73cb6c63a3026592d5170aa3e4fa39c7
reg_key: 73cb6c63a3026592d5170aa3e4fa39c7
splitter: |'|'|
Targets
Target: vanity crack.exe
Size: 93KB
MD5: f2895b196e1cd8abac43232b366b6f96
SHA1: 271c71ef80184f30f170987adea77c86c4d9ba58
SHA256: 8934d9269d3a680383f20326e905cd9ad6ce11bf3d08cb2ff7c7c9bb07d6c9b7
SHA512: 7c93e3246d5d23f7e4c0495c5eec02a1c66a669781413ed1f890ea4d470f980219b063f42b2adc3e00e01b78b7f7a8388852ed1d314f309739c5e57423ad8b22
SSDEEP: 1536:RejJD/HBZbszKu9AZpy7r1jEwzGi1dDlD8gS:ReCzK4AZwHCi1dhV
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1