General
-
Target
Fps0ptimizer_ByKartavik.exe
-
Size
93KB
-
Sample
241227-mn3j7svjgk
-
MD5
1a5e53bb0bcbcbb680fbb54a55a1c630
-
SHA1
5d420fbdfa84f3828ccbfa7ca1709edaddd22839
-
SHA256
865d9448dab0a512e40d8cf95d83cccdc9bb32806466d5ae3d2a30301f299a80
-
SHA512
1dcd0ac4af1b16770bf163060838f33fe534762d5b4e42d83c9733cdaaf827852a14f18bbccb4c802ef87f8fa3d39707a96bcc60e40e73b23043371a9537495a
-
SSDEEP
1536:HemC+xhUa9urgOB9mNvM4jEwzGi1dDYDLgS:HegUa9urgOidGi1dmE
Behavioral task
behavioral1
Sample
Fps0ptimizer_ByKartavik.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Fps0ptimizer_ByKartavik.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
0.tcp.eu.ngrok.io:19331
48a41a18500fb55c8cc19095299f8b6a
-
reg_key
48a41a18500fb55c8cc19095299f8b6a
-
splitter
|'|'|
Targets
-
-
Target
Fps0ptimizer_ByKartavik.exe
-
Size
93KB
-
MD5
1a5e53bb0bcbcbb680fbb54a55a1c630
-
SHA1
5d420fbdfa84f3828ccbfa7ca1709edaddd22839
-
SHA256
865d9448dab0a512e40d8cf95d83cccdc9bb32806466d5ae3d2a30301f299a80
-
SHA512
1dcd0ac4af1b16770bf163060838f33fe534762d5b4e42d83c9733cdaaf827852a14f18bbccb4c802ef87f8fa3d39707a96bcc60e40e73b23043371a9537495a
-
SSDEEP
1536:HemC+xhUa9urgOB9mNvM4jEwzGi1dDYDLgS:HegUa9urgOidGi1dmE
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1