General
-
Target
2INJECT BYPASS BP.exe
-
Size
141KB
-
Sample
241001-zjyrnstbrd
-
MD5
80d2c46d0860242b374567bee889b360
-
SHA1
1824af121d54fb6a9f27e60177e6dfd51a1e5005
-
SHA256
ecedda5e5b8289ca6a2934482d13106d0c5faa7cb5fb7b2f1685bc2cc4147f02
-
SHA512
cfc23f37fe2ef6be6de9445bd969eb1d7edb0289aa1180f1f42ee3ef0214fc986e8ea07d458c307f09b66df387c97c3ac8e411b98c192b3f5559b8eabb3c563f
-
SSDEEP
3072:osSasVMY3+pWOwarL59GoPTMajtQ9RWVtoH8qDT4bfGFkGS+b03mD7XY:oBVMY3+p9l7tQKfqDTcYkFmD7X
Static task
static1
Behavioral task
behavioral1
Sample
2INJECT BYPASS BP.exe
Resource
win10v2004-20240910-en
Malware Config
Extracted
njrat
Platinum
HacKed
127.0.0.1:36597
realtek.exe
-
reg_key
realtek.exe
-
splitter
|Ghost|
Targets
-
-
Target
2INJECT BYPASS BP.exe
-
Size
141KB
-
MD5
80d2c46d0860242b374567bee889b360
-
SHA1
1824af121d54fb6a9f27e60177e6dfd51a1e5005
-
SHA256
ecedda5e5b8289ca6a2934482d13106d0c5faa7cb5fb7b2f1685bc2cc4147f02
-
SHA512
cfc23f37fe2ef6be6de9445bd969eb1d7edb0289aa1180f1f42ee3ef0214fc986e8ea07d458c307f09b66df387c97c3ac8e411b98c192b3f5559b8eabb3c563f
-
SSDEEP
3072:osSasVMY3+pWOwarL59GoPTMajtQ9RWVtoH8qDT4bfGFkGS+b03mD7XY:oBVMY3+p9l7tQKfqDTcYkFmD7X
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1