General

  • Target

    Kox_Spoofer__LEAKED_.rar

  • Size

    16.4MB

  • Sample

    250115-xt7ffstlar

  • MD5

    c1e94f18558db65b1206a9d279caee5b

  • SHA1

    68738ddcce8d150bf4ef6eb9260a8b6f516d59d3

  • SHA256

    cd2fdd55b920a87b56eaca6f8b1b78db347a4b4b42a1e67a0f0c4d1e09c19c06

  • SHA512

    46e1afd74350b8af6cd09c03dc1566444e4d475f1c72ce5764ebd83fbbce7f05b89b77c7f734a286ceda16cd1eaa36ef355b8152587152be19808613386add1e

  • SSDEEP

    393216:HWv76884ItGS7KMNtxzo09B7Dkof8865SXtCFxoiE:HW768TItv2g/7DkQ8+cDE

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

147.185.221.24:50768

Mutex

543f49bacff49231d84b60f449c28484

Attributes
  • reg_key

    543f49bacff49231d84b60f449c28484

  • splitter

    |'|'|
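The config block above gives everything needed to recognise this sample on the wire and on a host: the C2 endpoint, the botnet ID, the Run-key value name (njRAT reuses the `reg_key` string as both mutex and Run value name) and the `|'|'|` splitter that separates fields inside each message. The following Python is an added example, not code from the report or from the malware; it assumes the usual njRAT framing of `<decimal length>\x00<payload>` and that the `ll` check-in carries `<botnet>_<hwid>` as its first field. The sample stream and events are constructed here, not captured from the sandbox run.

```python
# Added example: turn the extracted njRAT config into wire and host IOC checks.
# Assumptions (not stated in the report): frames are '<decimal length>\x00<payload>',
# the first splitter-delimited field is the command, and the 'll' check-in's first
# argument is '<botnet>_<hwid>'.

SPLITTER = "|'|'|"                                  # splitter from the extracted config
C2_HOST, C2_PORT = "147.185.221.24", 50768          # C2 from the extracted config
BOTNET = "HacKed"                                   # botnet ID from the extracted config
REG_KEY = "543f49bacff49231d84b60f449c28484"        # reg_key; also used as the mutex name


def build_frame(fields: list[str]) -> bytes:
    """Encode one message the way the parser expects (used to build sample data)."""
    payload = SPLITTER.join(fields).encode()
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(stream: bytes) -> list[bytes]:
    """Cut a TCP stream into payloads; stops cleanly on garbage or a truncated frame."""
    frames = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break
        try:
            length = int(stream[pos:nul])
        except ValueError:
            break                                   # not a length prefix: do not guess
        start, end = nul + 1, nul + 1 + length
        if end > len(stream):
            break                                   # truncated frame: wait for more data
        frames.append(stream[start:end])
        pos = end
    return frames


def parse_frame(payload: bytes) -> dict:
    """Split a payload on the config's splitter into command and arguments."""
    fields = payload.decode("utf-8", errors="replace").split(SPLITTER)
    return {"cmd": fields[0], "args": fields[1:]}


def checkin_matches_config(frame: dict) -> bool:
    """True if the frame looks like an 'll' check-in from the configured botnet."""
    if frame["cmd"] != "ll" or not frame["args"]:
        return False
    botnet, _, _hwid = frame["args"][0].partition("_")
    return botnet == BOTNET


def match_events(events: list[dict]) -> list[str]:
    """Flag C2 connections and Run-key persistence named after reg_key."""
    hits = []
    for ev in events:
        if ev.get("type") == "network" and (ev.get("dst"), ev.get("port")) == (C2_HOST, C2_PORT):
            hits.append(f"c2 connection {ev['dst']}:{ev['port']}")
        if (ev.get("type") == "registry" and ev.get("value_name") == REG_KEY
                and "\\Run" in ev.get("key", "")):
            hits.append(f"run key persistence {ev['key']}\\{ev['value_name']}")
    return hits


# Constructed sample data (not taken from the sandbox run).
SAMPLE_STREAM = (
    build_frame(["ll", "HacKed_ABCDEF0123", "DESKTOP-1", "user"])
    + build_frame(["inf"])
)
SAMPLE_EVENTS = [
    {"type": "network", "dst": "147.185.221.24", "port": 50768},
    {"type": "registry",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": REG_KEY},
    {"type": "network", "dst": "8.8.8.8", "port": 53},
]

if __name__ == "__main__":
    for raw in split_frames(SAMPLE_STREAM):
        frame = parse_frame(raw)
        print(frame, "matches config:", checkin_matches_config(frame))
    print(match_events(SAMPLE_EVENTS))
```

The framing parser refuses to skip over bytes it cannot interpret and stops on a truncated frame instead of raising, so it can be fed reassembled stream data incrementally; on a real capture the byte offsets after the last complete frame would be retried once more data arrives.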

Targets

    • Target

      Spoofer/Interface/Magick.Native-Q16-arm64.dll

    • Size

      21.4MB

    • MD5

      9c2cebb5ef02cc4b7d5003214a2cee70

    • SHA1

      075ca36c739a90c0f157546a97b69f0d4a1616a2

    • SHA256

      d04dc1841fda055713770fb19ba5ddfc0a74f8af691f757d13c97076b0f0b38f

    • SHA512

      97f04ee8a6f463cf6b290baee916e34b3b41532146c0de73ac5b6ee62827b5ffdba38c6ed19b624db6bbb72b759b4805dfad7f166e1056ced91471ae35807237

    • SSDEEP

      393216:ndw+dfNgXTEQcs2K9QarsOswIAp0rDSnSrX2JNBNM:JF2DmBwIAp0rDSLE

    Score
    1/10
    • Target

      Spoofer/Interface/Magick.Native-Q16-x64.dll

    • Size

      24.0MB

    • MD5

      788c7d79e142ffbc14f1c0bd7c15d6c4

    • SHA1

      2b713c40f23633a226695f8394f66932a1de2c29

    • SHA256

      7a9c41b8e573694f8009f38c07fecba3fa70295890eccca5ab6c393910a658e8

    • SHA512

      8c6995bc99523dff60cd1cdd540b836bac47fe3360984569275a092a4899ef585c49ed835dd36a9138fec081f3b3c7743d0c531d2edec9e230cc23277e711376

    • SSDEEP

      393216:Vmvwo1FoX+a2B3JKWMW9MsURIaKa5zdQ0Onh1JmNQ:VKDoN2Jf

    Score
    1/10
    • Target

      Spoofer/Interface/libcrypto-3-x64.dll

    • Size

      4.5MB

    • MD5

      e3e4236c4483dbe1bc5954fd63c965b8

    • SHA1

      ae8b364d2e43221466f2aa3f3c9412a713214c53

    • SHA256

      923d7641e3655c627b80dfd63bd5e701a26e9b8b6186d56b901a60cb57494901

    • SHA512

      7130ee5db3c7570f68b454df138926ac710e9095f1e4ff7d74ef0e329e793d20fe95eb6409730203cc706410c3efd2cf6b1c1eab26a655d29a1f74673cc8abc8

    • SSDEEP

      98304:Al+fYmGXMIW67HknPRy41CPwDvt3uFGCC:cddXMIW67HknJy41CPwDvt3uFGCC

    Score
    1/10
    • Target

      Spoofer/Interface/libssl-3-x64.dll

    • Size

      802KB

    • MD5

      4e2a30eba5388b0fe1838137a61ac255

    • SHA1

      b6563a03f357478632d38f0f5ed28feb2af2ccf8

    • SHA256

      ce0c322e48b95a719cd51728471e04197448d9f2ae1d0be0c99a745833dfd3a2

    • SHA512

      4480c658eb4e3563f2622ba2a7f1f80a73e1f5aa27753030e1a7a8ca3abf07656067604e8042ca943d9cefc2524c830250dacf08ea7fc45d3bd7fa963b579917

    • SSDEEP

      12288:SNQOYbewmdoyf/gLyfF/26v4yl/kP+1+MMDcdEVB3y:Szsmdo6PZ/O+oMMIdEVB3y

    Score
    1/10
    • Target

      Spoofer/MonoPosixHelper.dll

    • Size

      773KB

    • MD5

      1edfa2a911cac9727b97141d95468b0b

    • SHA1

      83ea96b2bf037292b3811285ad2aac118ac76e2c

    • SHA256

      60dfe986e7699d5dadd99b413214900b514161bcd41f94f53748b1ec0484fe78

    • SHA512

      82d4d3f895ccf09d1817033dce10eab38702887b196394038e204167414746b9d97e67c6f7135d08bc228664b1d0769dede7bfeddfa71bfee142c7012a61915b

    • SSDEEP

      12288:gPCcsYATVuvVTY+Dzz1Ex1wurpbpnOWyio5quPfnsTYmfHC7:gPAByVTY+Dzz1Ex1phOZio5RPfnsThi

    Score
    1/10
    • Target

      Spoofer/SpooferByKox.exe

    • Size

      37KB

    • MD5

      8cd29796f726b13449bcb6add0978d91

    • SHA1

      58bac53109e20c8823ae6e0badf295064de1b2ed

    • SHA256

      17e23b6b16ac79160e2627851c2f2964ccc0d1eb20997d4ab80ac330f1cb43e1

    • SHA512

      d8b929ed61e26ca67f2d742e3b4c0f84555c17f2143e62000bef99a676a00095f54d48633cefd9c2dc890dfff2a0ee7c0fa94a9fb44ecc8abd40a63ee894e3df

    • SSDEEP

      384:zcSvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXs:AS7TZ38fvCv3E1c1rM+rMRa8NunGt

    Signatures

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Spoofer/bypass/api-ms-win-core-memory-l1-1-0.dll

    • Size

      11KB

    • MD5

      d9e4e446dcccbfa822059dcd16edfc41

    • SHA1

      cded5e8dbf7a00e080432257f95406f5728e739a

    • SHA256

      d70eb06ed4f0c686dda93f35f065ec5e6249e5c737a24249738314c31f9d5202

    • SHA512

      11deace1b537fb770281468efb265d932a22b797ee268fb60d968f2f238cbbead6c60114572932732b1fd8d5682c1080e7e927a25f73ed2f5e85640b080a37a3

    • SSDEEP

      192:oWFWOhW0T71ojDBQABJxAY1hXqnajL1dHx3tKCJAC:DFWOhWZDBRJOY1NlXBtpOC

    Score
    3/10
    • Target

      Spoofer/bypass/api-ms-win-core-namedpipe-l1-1-0.dll

    • Size

      11KB

    • MD5

      bb05cdffc71ac2b0c0fb2cc35b409ec2

    • SHA1

      b327ab67107235beb5fcd1b893a571e21e29f6ff

    • SHA256

      36c42192283f129ff5637a06b7c3d72e5ed8e1c77493623384f2bdac15118f29

    • SHA512

      b55cbf2aaa2f7685925c313d4ce73b8635666e5f2f30e2621fec88f3b526d296e5d1fb5c28bf3ea5e8621b298e01b75542085e9e3d1a966762173a3e53e4240d

    • SSDEEP

      192:iWWOhWYT71ojDBQABJz0ymVqnajLQvTP+8jIrf:1WOhWNDBRJzxmVlvQyUIrf

    Score
    3/10
    • Target

      Spoofer/bypass/api-ms-win-core-processenvironment-l1-1-0.dll

    • Size

      12KB

    • MD5

      14e48e802a6690282ebde74fd5b78e6f

    • SHA1

      8cb9adc2a99c6ca443c2ef0be6bb093f9059aeb2

    • SHA256

      0d10d132cd28b57fb88135d5693ba2c1aace2fc059d85bde0318fb9b379b57b7

    • SHA512

      710356f5e6d4f6dd7754c72deff703b144f91b54e643017c05dc81ebd4150981651e6f3ff20eded5fcd7abe0327692e8d6bab00f454597fc36603bd8389601c3

    • SSDEEP

      192:0vWOhWUT71ojDBQABJWTfqnajMHxxBNT06YeOXw:0vWOhW5DBRJGlI66YeOg

    Score
    3/10
    • Target

      Spoofer/bypass/api-ms-win-core-processthreads-l1-1-0.dll

    • Size

      13KB

    • MD5

      f2fa7c391d7671ab11028e85d29ab27f

    • SHA1

      734ccf57cab781d367b62d216b6582f3bb89249d

    • SHA256

      28dd68501f527be6bc54f5f374bc33be983ea7ac640e66e3a56272cd3b9a5655

    • SHA512

      3286fd352fb4149151168babe4b1e44d22e914d950f41c099748e8d3b117ada86391fb4e0ef5863aac07b2a08372ccce0c470642ac8a7c7dbf97ea72af1d0583

    • SSDEEP

      384:ok1JzNcKSI1WOhWzDBRJS/kPlI66YeO7EN:DcKSmS1P1q66MoN

    Score
    3/10
    • Target

      Spoofer/bypass/api-ms-win-core-processthreads-l1-1-1.dll

    • Size

      11KB

    • MD5

      7016bf365a155d29f01a000942a017ef

    • SHA1

      47e25b97af56edbdd20ca72bba994c6bcf1b81e6

    • SHA256

      b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

    • SHA512

      2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

    • SSDEEP

      192:79DfIeNWOhWVT71ojDBQABJUqdqnajLQvTP+8jIrnN:79DfIeNWOhWuDBRJhdlvQyUIrN

    Score
    3/10
    • Target

      Spoofer/mono-2.0-bdwgc.dll

    • Size

      4.7MB

    • MD5

      d304cd9ce64dbe76273dba6a87b6c817

    • SHA1

      f3eba33f692a38c7b1a90b0a76ab87b0737e2855

    • SHA256

      55911542f46e58b3842147fc8f3fd8f6b07206898615202125c57f313970256a

    • SHA512

      deaa47e5f4e8cb910b5b60cd08aaab7b8886e42dd4c1ac936340da6b3d8810ce97b99a1e0bbb4cd8fd08282a7e19dc2c75f703c655ff680d7c8634d96a4d4432

    • SSDEEP

      98304:xFWQ6mmTAsgtObkwi/sedvdjnORSq57e5OiciMQIl:qCmTAsuObkw8dvdjnORSq5y5fLMQIl

    Score
    1/10

MITRE ATT&CK Enterprise v15