General
-
Target
Vanta Paid.exe
-
Size
165KB
-
Sample
241213-ct576sxlbk
-
MD5
dee04dfb6b2dd1b73a5c6b83911c4bed
-
SHA1
a80516d112d08fc820ddaaf6e6e972c088a2dfe2
-
SHA256
09bfb2b9045773f123de5aad102a6cc08bbad620b7cd35fa926b624ef1e7ee30
-
SHA512
209734045eb5efb01a0527db8bd74ebc027f3922b1c0c2caaa9eaa1e0043b22aa5c5845629d97aff698eb13ead2b111ff9a7d05df37ddd5e4e014f2426733c23
-
SSDEEP
3072:Fw19/9Arq7DWCKoXiO4VIaGEcPkGmK9LxBbqp2h2q:FwEwyxvcMGmCBbIq
Behavioral task
behavioral1
Sample
Vanta Paid.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Vanta Paid.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Vanta Paid.exe
-
Size
165KB
-
MD5
dee04dfb6b2dd1b73a5c6b83911c4bed
-
SHA1
a80516d112d08fc820ddaaf6e6e972c088a2dfe2
-
SHA256
09bfb2b9045773f123de5aad102a6cc08bbad620b7cd35fa926b624ef1e7ee30
-
SHA512
209734045eb5efb01a0527db8bd74ebc027f3922b1c0c2caaa9eaa1e0043b22aa5c5845629d97aff698eb13ead2b111ff9a7d05df37ddd5e4e014f2426733c23
-
SSDEEP
3072:Fw19/9Arq7DWCKoXiO4VIaGEcPkGmK9LxBbqp2h2q:FwEwyxvcMGmCBbIq
-
Njrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
5Credentials In Files
5