General
- Target: mal.bin
- Size: 37KB
- Sample: 241016-g1gklswglg
- MD5: 1a89a94b9f8b3e9e12009ce905a6afd7
- SHA1: 18bf661911a93377ada5902ebc581e535f798bd3
- SHA256: f75a78bbb8b9fec7151cda7ddfe71f05a83828a202b7fb3278840491c775212d
- SHA512: 2b6f7138875dcad65761294b43fde006980efeded9264e11c2d8ee5131c61ec6d4d8ef48cdf5b3c649c32712e255442a0c4d1be572bb9141a9f383b7181bd950
- SSDEEP: 384:767DUiSOL1G5k2gyk/Q0flq/Mst+xWrAF+rMRTyN/0L+EcoinblneHQM3epzXUAH:+7v32bk/Q0oEst+ArM+rMRa8NuuAdt
Behavioral task: behavioral1
- Sample: mal.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: mal.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
njrat
im523
HacKed
45.141.26.54:1337
619caaa21abeda3dd8c1c8d9779b2992
- reg_key: 619caaa21abeda3dd8c1c8d9779b2992
- splitter: |'|'|
Targets
- Target: mal.bin
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)