General
-
Target
TimeTravel2.0PRIVATE.exe
-
Size
37KB
-
Sample
241005-va2praxcmq
-
MD5
c0622865d16a983583fd648b788066ed
-
SHA1
f186dd87ed741a70d36095e422249ddf913fd950
-
SHA256
bd7cea2a6ca9838482956acdfb324911c9a96a6801a34221deb35ee3a7e04230
-
SHA512
4664135eafd1daf50fd0e8684ca9e55898763d657745c2644ffd18a2638ba1ac8c45e71ec3c93b995ba11d34671bb8a9ff54e5c9ccd336082acdda62188ea88e
-
SSDEEP
384:vD6rp7Lsik79zNf/1uyU77cPbxs2cPWrAF+rMRTyN/0L+EcoinblneHQM3epzXTm:mrRWl1lU77c1FcerM+rMRa8NuFit
Behavioral task
behavioral1
Sample
TimeTravel2.0PRIVATE.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
im523
timetravel2
194.44.57.113:5552
91137d4eb023a57c126288b3b00270ca
-
reg_key
91137d4eb023a57c126288b3b00270ca
-
splitter
|'|'|
Targets
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)