General
Target: Nordvpn Checker by xRisky.zip
Size: 1.4MB
Sample: 241211-wr5cmsxrcn
MD5: 72079997556ea2c486d05c1201ccff9c
SHA1: 77bc689dcbb78e3d5ac2cb6620286c24ca7fe29b
SHA256: 901d3914e57588b3cabe641fc1b46ab7416b79f3019e5231bef789013f331e8a
SHA512: 4bd21dceb8b7b6fcb993548d2087fcd07597c92e7cfe76cbde59b5b35e5cf14fec7f392aedb6a09640e8a0f2b79bad07f35fd88ccb8c0f14db37ef242cd9df91
SSDEEP: 24576:0k6xzKOseCms56+E8DHLPpIHxCKKTWvd31RV8ddK6I9nreI+vx31SaVK:0dxbtsjrPmHIKQWvVVOKtKI2lRVK
Static task: static1
Behavioral task: behavioral1
  Sample: Nordvpn Checker by xRisky/NordVPN Checker .exe
  Resource: win11-20241007-en
Behavioral task: behavioral2
  Sample: Nordvpn Checker by xRisky/Nordvpn Checker by xRisky.exe
  Resource: win11-20241007-en
Malware Config
Extracted
  Family: njrat
  Version: 0.7d
  Botnet: Checker 2alpes
  C2: pur3vpn.ddns.net:5559
  Mutex: bfb7b23723ac9ef23fe5ca9d03794c39
  reg_key: bfb7b23723ac9ef23fe5ca9d03794c39
  splitter: |'|'|
Extracted
  Family: njrat
  Version: 0.7d
  Botnet: Checkers
  C2: pur3vpn.ddns.net:5559
  Mutex: cc903deaeeb6a6a7c2a29474210cea6f
  reg_key: cc903deaeeb6a6a7c2a29474210cea6f
  splitter: |'|'|
Targets

Target: Nordvpn Checker by xRisky/NordVPN Checker .exe
Size: 1.0MB
MD5: 395c953449cf3bb03a51a78844417ad0
SHA1: 731ed26c2d6509f6f7f20dc9712a23b21e6a6283
SHA256: 1dc2c6e80ec0e26096859319907b456a505979b4931c6bb369f77acf69e940a2
SHA512: b1c251d2e96dd5e6fa8e6ae4924c941dd473e6452ac6a931f273b350c68c7ebb5e64f4f2e89d4504e5eb485a43619f72eaa5936e0c33d84b318fc8709f0ad957
SSDEEP: 24576:+AHnh+eWsN3skA4RV1Hom2KXMmHaaM7c6+Ea75W:ph+ZkldoPK8YaaLW
- Njrat family
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext

Target: Nordvpn Checker by xRisky/Nordvpn Checker by xRisky.exe
Size: 1.2MB
MD5: 4a8a6e0dee9058400bb2e55fabc14f75
SHA1: a7d28731d4f1829bfd1af9273ca9a61fa05f9ede
SHA256: 86cc041b294b33d95ec7e78954b9a03fbbdd0d08f5eee39bc9ee3c6fab053694
SHA512: 50b0d6dad029961732bb3eb660f393bd7edbeaf7393182ad654af7ceb81eed07e5beab64683293bbfe8cf90241035c2c80a825e4f963523a9c54231ee005ffb3
SSDEEP: 24576:PCdxte/80jYLT3U1jfsWa0U3Ui9V1aI+vx31U3DQ9:Ow80cTsjkWa0GsIklp9
- Njrat family
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)