Overview
overview: score 10/10
static: score 10/10
cc/PP checker.exe (windows7-x64): score 10/10
cc/PP checker.exe (windows10-2004-x64): score 8/10
cc/libeay32.dll (windows7-x64): score 3/10
cc/libeay32.dll (windows10-2004-x64): score 3/10
cc/libssl32.dll (windows7-x64): score 3/10
cc/libssl32.dll (windows10-2004-x64): score 3/10
cc/pp_checker.exe.lnk (windows7-x64): score 6/10
cc/pp_checker.exe.lnk (windows10-2004-x64): score 3/10
cc/ssleay32.dll (windows7-x64): score 3/10
cc/ssleay32.dll (windows10-2004-x64): score 3/10
General
Target
2ade3ecc947a7ee4b5888aa0d841f65d_JaffaCakes118
Size
1.4MB
Sample
241009-e5pqns1eqh
MD5
2ade3ecc947a7ee4b5888aa0d841f65d
SHA1
9b4f3c90924edfcac89cd8d8674afe1b9138137e
SHA256
455fb9ca9528bb4aea47f4eeab8ecb136df58787e815931e1276f85d9a89282b
SHA512
6c32c9310d4c8fd65910bde7e0136bae1d1569f8ee4e64d0eabb114ae31cd9b296f67579bc049e97591fe2c2e901728a723e6469cb83fceffe108e1f6139a3e4
SSDEEP
24576:+mTt3Gvv77FBA7oYTw8SqcFDN8DpAKsDXIHQ205yE+it7nhrE3Mmi:+zvXFzCw8SqcFaD6LPZ+iCMmi
Behavioral task behavioral1: Sample cc/PP checker.exe, Resource win7-20240704-en
Behavioral task behavioral2: Sample cc/PP checker.exe, Resource win10v2004-20241007-en
Behavioral task behavioral3: Sample cc/libeay32.dll, Resource win7-20240903-en
Behavioral task behavioral4: Sample cc/libeay32.dll, Resource win10v2004-20241007-en
Behavioral task behavioral5: Sample cc/libssl32.dll, Resource win7-20240903-en
Behavioral task behavioral6: Sample cc/libssl32.dll, Resource win10v2004-20241007-en
Behavioral task behavioral7: Sample cc/pp_checker.exe.lnk, Resource win7-20240903-en
Behavioral task behavioral8: Sample cc/pp_checker.exe.lnk, Resource win10v2004-20241007-en
Behavioral task behavioral9: Sample cc/ssleay32.dll, Resource win7-20240708-en
Behavioral task behavioral10: Sample cc/ssleay32.dll, Resource win10v2004-20241007-en
Malware Config
Extracted
njrat
0.6.4
Spameur monta
kadi41.no-ip.org:1177
9d0ca6779c4df125b0313463a3f5f631
reg_key
9d0ca6779c4df125b0313463a3f5f631
splitter
|'|'|
Targets
Target
cc/PP checker.exe
Size
592KB
MD5
f9af3bb471626b0b164883fd40364984
SHA1
2134dfb0329ed567be16aded8da7bedf9d65f588
SHA256
96cb6cc90619a599c9806d649a64db4aa596c495887ae3b3db432e63082bd0ab
SHA512
e0f0c447c37b57caff29ae54f99b1ef37a9416a7fa03aa15f0f66c0e7a279a495c54e768527845ee900af95e76c8c2607053c85e30d7ff85fe0a1806e6fb7071
SSDEEP
12288:b2y2axB0F+IKNDleyJJ5KcZDOIOcMldpFU065lbzO4mBR:q+xB3ZL5NDzkdHUphNmBR
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Target
cc/libeay32.dll
Size
925KB
MD5
805db415858b302e94826517f0a80352
SHA1
388760a586a27dc020c8d68fd7a527900b3dc86f
SHA256
375230e1b5fcf122e675a6996cf288a7c9ef65122639096393bd6595380f8b0d
SHA512
6fda41b03181dacfd31341ce80c327734c1c7532e4f8b0e711650e68922d577a647137f9b173e2b1af30f5c08c4839f235a2f8c508002d020ba2d864a17b83de
SSDEEP
24576:sPhGh0DY61iiGn+nG4pVzK6wcVPYMUh7:sIh0seiieW3VPYMUh
Score 3/10
Target
cc/libssl32.dll
Size
169KB
MD5
9517f743f0b8836e0921ee5432a22a79
SHA1
7f71036c0669db30bff4705aaf14a836ef6686d1
SHA256
728d27d744fe415292ed0c35ed7a4a238b9bfa57ac3dc33e568e933130410701
SHA512
19f76b761e75dddea70e2caca06078c5f90a3531e82ae001c4f48768f002d5d12c8cf73f941abf80633d35624be300f69ed68c5081b4aa64bf45367a1596125a
SSDEEP
3072:gM0v1zaPRZCnvP/bOO6trcsevguKeZntJW4EiByyjQQBtrurekGwC:7O1zWCnvH6xg5vdJp8ydtriekQ
Score 3/10
Target
cc/pp_checker.exe.lnk
Size
778B
MD5
3f02ef6a34edd061238ff0650aa444da
SHA1
329b8fa007c5ca7a4e315c4ccc392ccb0646d710
SHA256
7c5fcebc9580bb8039d326ad975e3c59f635e89589b2241d19115fd437b76fd3
SHA512
c1e949c776b38bbfd96039b9a9162a9101de8a78d679c6c2f33e6149fc5641bb4536833211ea4d83feb13a66c994e097fb6ed8295d1c96c0dc9ad619dd6b5ecb
Score 6/10
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Target
cc/ssleay32.dll
Size
156KB
MD5
1659400f88a1aa0d639f6e3d56dc9a14
SHA1
39c634dcb399676e32b15514b7ed0a788e35d795
SHA256
021c109e371feb8cca3cac1e9d3bb2da2f29dde41f2da444f1571b4cb7714057
SHA512
d1171d24b623bc7176bcec610fa86ac43f81f4f246a6e8d1e7c7ede8c195a4df190507134f060953a9d07e95732026d20b2765ecb683afece211fb3be794bde5
SSDEEP
3072:fJY1YtE7Sxclu+Q0gfj/PG/2GUsF8JW0OV7uEPassW:f21Y3qu+Q0gfzmhFiW0OKssW
Score 3/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Defense Evasion
Impair Defenses: 1
Disable or Modify System Firewall: 1
Modify Registry: 1