General
Target: Windows Loader 2.2.2 Final Activate All 7 windows 2014.zip
Size: 2.4MB
Sample: 250120-atr97stjfq
MD5: e4fc652fdd4845c582571f2381eca6cf
SHA1: 6d64ad5af28e015d9ee90c68945339ff741269f3
SHA256: 5adca91194964a3a48af7f211f6dbdaf1699d069b63af53698e67de139f90bc7
SHA512: e9a18c45e2001ee179065d02a512b0341eee78e840a09be30a32a631383e7b868f4da2abe492bde4a56b9c96bcf4db5ad49de6f9fcfdad92e1350285d3e1c087
SSDEEP: 49152:1gAXKEfHwESmQ9a2xBFG4l0i0LitfznPOc8c5M0grRPtCQ:1NXKEfQES620li0Lit7nPEtP
Static task: static1
Behavioral task: behavioral1
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Keys.ini
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Keys.ini
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Read me.txt
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Read me.txt
  Resource: win10v2004-20241007-en
Behavioral task: behavioral5
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Windows Loader.exe
  Resource: win7-20241010-en
Behavioral task: behavioral6
  Sample: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Windows Loader.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: winloader
C2: micho.ddns.info:1290
Mutex: b4b06fba73691824a636375169e7be53
Attributes:
  reg_key: b4b06fba73691824a636375169e7be53
  splitter: |'|'|
Targets

Target: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Keys.ini
Size: 15KB
MD5: 3ba4950bcf43b1c7b714a1d93b57ea86
SHA1: 31e7963d19a5e7282d1b6e7476b8923ab26cb8a0
SHA256: 1384c5fd758a1bd8c9372594503e22d71b0877d332886a1b7d50cb86c4a0a13c
SHA512: 2165e5047334940b77c93bbe4b2eaae1fe924069a9f946f39dd0f5533c0e161a7322e63de378194b96294d33c494240209dd1f6f32dd45c580cb0c058dd93148
SSDEEP: 384:WskcEQbtTPQ7xa3VUEV/HwRGjyfdW6fnxZbQr:Ws2QJw+hPz+flbQr
Score: 1/10

Target: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Read me.txt
Size: 32KB
MD5: 3e83d11dcd0d1dc8b6cf531353cf9e81
SHA1: 0853bfd45b91252a7dc10bd34a4aed267ee67e43
SHA256: b5fcbf4b91c436640aab0e8106f942cd47080bf799a22d747b5cf898bd13475c
SHA512: 18f67001f935021a80b4ee81a9a8ed3b2f9239f8f1d2779114631f90aef4d91d109b15c0722d8cdc13bbc6bac652e361b0835e6a075a3ff55fd4ed7f6f393fcc
SSDEEP: 768:pKymLFrk3yV2pX/htvMGOHkOaf7luCfp3yeIvWVp9h:o5k3yV2pvhtvMGOHkOaf75fp3yeuWVpX
Score: 1/10

Target: Windows Loader 2.2.2 Final Activate All 7 windows 2014/Windows Loader.exe
Size: 2.8MB
MD5: 5c59dc709c68247d4b4bab4e516f0860
SHA1: 0c6af593d65518cd477e6a1b27bc3213fa916367
SHA256: 5ba8646c24d7f2461fabe1a8d63de50c257ea5f77abf1a865ac7f48b8f47f73b
SHA512: 3dbdba310827a1465b032a05da59f0d0a69e39cc72464a92988959b60f7bc7d0df2caad4ea59fafb173a3766bb00a0a59585637cfea0ec840ac9d568ac3d16f7
SSDEEP: 49152:kVg5tQ7a/pLsESokRMyJLD2Yv0O0LODBz1HY4QmrQCqVjB9S95:Og568oESKys7O0LODd1H61
- Njrat family
- Modifies Windows Firewall
- Possible privilege escalation attempt
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)