General
-
Target
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly
-
Size
93KB
-
Sample
241226-mqnttstjgz
-
MD5
4951d592fac59ef8005596d2af5d116b
-
SHA1
536ab7195afefb6c8947a86b10adb8d0461f7115
-
SHA256
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122
-
SHA512
3f551f1b653764dae9d75dbdf764389786a6004ef2c49f3c7ba81bb4412adc7c8c3315649e4c5a8f970b3f185f67e6f04bacf1264f233225511d45cb75d20ff1
-
SSDEEP
1536:ZYduiuNTXfL/AJbZNljEwzGi1dDFDugS:ZYdaTXfL/AhzSi1dJT
Behavioral task
behavioral1
Sample
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
company-telecom.gl.at.ply.gg:42876
445c7762b8f06a76352fcac2e22df159
-
reg_key
445c7762b8f06a76352fcac2e22df159
-
splitter
|'|'|
Targets
-
-
Target
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122_Sigmanly
-
Size
93KB
-
MD5
4951d592fac59ef8005596d2af5d116b
-
SHA1
536ab7195afefb6c8947a86b10adb8d0461f7115
-
SHA256
ef022f571bbe78532cc1d1d09689470933f629f5e3775929f8926d7b51e6f122
-
SHA512
3f551f1b653764dae9d75dbdf764389786a6004ef2c49f3c7ba81bb4412adc7c8c3315649e4c5a8f970b3f185f67e6f04bacf1264f233225511d45cb75d20ff1
-
SSDEEP
1536:ZYduiuNTXfL/AJbZNljEwzGi1dDFDugS:ZYdaTXfL/AhzSi1dJT
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1