General
- Target: fixer.exe
- Size: 37KB
- Sample: 241228-vth2razlfx
- MD5: dcbe24f29c827478c6616974d7f6f83b
- SHA1: 2ae1cf5cad30e2cbdc794aca7ea3b7e7d11dce0f
- SHA256: cea2e14387453a028cd6a95960bce28ed65c5c61d94b93defc4ddc94482477c1
- SHA512: 64dce5e86ed28db768d1d7cf50faf410ca4569a6da82665b2290ce4e70033d54bc316b952267a012fdf8be8b8b7e5a4eba4636525b2d53fbf37c483337f68fa1
- SSDEEP: 384:0a9SikSvmkO8IV+ytbNX0PrKs2MfErAF+rMRTyN/0L+EcoinblneHQM3epzXLNCi:lfIV1tbNX0elM8rM+rMRa8NuRft
Behavioral task
- Task: behavioral1
- Sample: fixer.exe
- Resource: win10v2004-20241007-en
Malware Config
- Extracted: njrat
- im523
- boykisser
- printer-nebraska.gl.at.ply.gg:50300
- 79002caee528766a1ca30fecb0f3f819
- reg_key: 79002caee528766a1ca30fecb0f3f819
- splitter: |'|'|
Targets
- Target: fixer.exe (37KB; hashes identical to those listed under General above)
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)
  - Event Triggered Execution (1): Netsh Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)
  - Event Triggered Execution (1): Netsh Helper DLL (1)
- Defense Evasion
  - Impair Defenses (1): Disable or Modify System Firewall (1)
  - Modify Registry (1)