General

  • Target

    Kaspersky.exe

  • Size

    93KB

  • Sample

    250329-ndj6jsssfz

  • MD5

    ab54e6c36ce4c5f741468fad657919e5

  • SHA1

    39c0e66f651549f517b87bf1b8932f8e91dbeb23

  • SHA256

    4ab6bea1ec09fdb63490036d754206d66b5ed12d2242519e0b24e41ed07a6c89

  • SHA512

    a65052fbaa1f13d7d0fe1afb21b3921eaf4b2504170d6834b59165cb1636221d02bd16df81a972a2eb12c9238362a93be08541224da6b01efc4480610a10b4cc

  • SSDEEP

    768:zY37g530YTXspgM0m2zGjpyDtdXWuDtXfLWh2XxrjEtCdnl2pi1Rz4Rk3ssGdpH3:agZ0AA0mT1mrWgLljEwzGi1dDkDHgS

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pupsik

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:18053

Mutex

0c4b3e15737b6964ecad2024f0474129

Attributes

  • reg_key

    0c4b3e15737b6964ecad2024f0474129

  • splitter

    |'|'|
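The extracted config above gives everything needed to pull apart this sample's command channel: njRAT frames each message as an ASCII decimal length, a NUL byte and the payload, and separates fields inside the payload with the configured splitter. The parser below is an added example for this report, not code from the sandbox or from the malware family. The splitter and C2 endpoints come from the config; the traffic it parses is constructed (command tokens `ll`, `P` and `inf` follow public njRAT write-ups, the field values are made up and no meaning beyond position is claimed for them), and the list of tunnelling/DDNS suffixes used by `classify_c2` is an assumption for illustration.

```python
"""
Splits njRAT 0.7d traffic into frames and fields using the splitter from
the extracted config. Added example for this report; the traffic below is
constructed, not captured from the sample.
"""
from typing import Iterator, List, Tuple

SPLITTER = b"|'|'|"                      # "splitter" attribute from the config
C2_ENDPOINTS = {                          # "C2" entries from the config
    ("hakim32.ddns.net", 2000),
    ("0.tcp.eu.ngrok.io", 18053),
}
# Hosting services used in place of static infrastructure (matches the
# "Legitimate hosting services abused" signature). Suffix list is an assumption.
ABUSED_DOMAIN_SUFFIXES = (".ngrok.io", ".ddns.net", ".no-ip.org", ".duckdns.org")


def frame(payload: bytes) -> bytes:
    """Encode one njRAT frame: ASCII decimal length, NUL, payload."""
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def iter_frames(stream: bytes) -> Iterator[bytes]:
    """Walk a byte stream and yield each frame's payload, raising on truncation."""
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            raise ValueError("truncated length header at offset %d" % pos)
        header = stream[pos:nul]
        if not header.isdigit():
            raise ValueError("non-numeric length header at offset %d" % pos)
        length = int(header)
        body_start, body_end = nul + 1, nul + 1 + length
        if body_end > len(stream):
            raise ValueError("truncated frame body at offset %d" % body_start)
        yield stream[body_start:body_end]
        pos = body_end


def parse_payload(payload: bytes, splitter: bytes = SPLITTER) -> Tuple[str, List[str]]:
    """Split a payload into its command token and the fields that follow it."""
    parts = payload.split(splitter)
    command = parts[0].decode("ascii", "replace")
    fields = [p.decode("utf-8", "replace") for p in parts[1:]]
    return command, fields


def parse_stream(stream: bytes) -> List[Tuple[str, List[str]]]:
    """Parse every frame in a stream into (command, fields) tuples."""
    return [parse_payload(p) for p in iter_frames(stream)]


def classify_c2(host: str, port: int) -> str:
    """'config' if the endpoint is in the extracted config, 'abused-hosting' if it
    only matches a tunnelling/DDNS suffix, otherwise 'unknown'."""
    if (host.lower(), port) in C2_ENDPOINTS:
        return "config"
    if host.lower().endswith(ABUSED_DOMAIN_SUFFIXES):
        return "abused-hosting"
    return "unknown"


# Constructed session: a registration ("ll") message, a keepalive ("P") and an
# "inf" message. Field values are made up; only their position is parsed.
SAMPLE_STREAM = (
    frame(SPLITTER.join([b"ll", b"SGFjS2VkXzEyMzQ1", b"VICTIM-PC", b"user",
                         b"25-03-29", b"", b"Win 10 Pro", b"No", b"0.7d"]))
    + frame(b"P")
    + frame(SPLITTER.join([b"inf", b"SGFjS2VkXzEyMzQ1", b"Pupsik"]))
)

if __name__ == "__main__":
    for cmd, fields in parse_stream(SAMPLE_STREAM):
        print(cmd, fields)
    for host, port in sorted(C2_ENDPOINTS):
        print(host, port, classify_c2(host, port))
```

Because the length header is the only framing, a single missing byte desynchronises the whole stream; the parser therefore fails loudly on truncation rather than guessing where the next frame starts, which is the behaviour you want when replaying a partial capture.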

Targets

    • Target

      Kaspersky.exe

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
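A triage check for the two host-side signatures raised on this sample, "Disables Task Manager via registry modification" and "Modifies Windows Firewall", as an added example that is not part of the sandbox report: it runs two rules over constructed Sysmon-style records (EventID 1 process creation and EventID 13 registry value set). The `DisableTaskMgr` policy value and the legacy `netsh firewall add allowedprogram` syntax are the mechanisms commonly reported for njRAT; the log records, SID and paths are made up, and the user-writable path heuristic is an assumption for illustration.

```python
"""
Rule checks for two signatures from this report: Task Manager disabled
through the registry, and a Windows Firewall exception added. Added
example, not from the sandbox; the event records below are constructed in
the shape of Sysmon EventID 1 (process create) and EventID 13 (registry
value set) fields.
"""
import re
from typing import Dict, Iterable, List

# Policies\System\DisableTaskMgr = 1 is the value Windows honours to block
# taskmgr.exe. Sysmon reports HKCU keys under the user's SID beneath HKU.
DISABLE_TASKMGR = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.IGNORECASE)
# Legacy and current netsh syntaxes that whitelist a program in the firewall.
NETSH_ALLOW = re.compile(
    r"^\s*netsh(?:\.exe)?\s+(?:firewall\s+add\s+allowedprogram"
    r"|advfirewall\s+firewall\s+add\s+rule)\b",
    re.IGNORECASE,
)
# Assumption for illustration: binaries running from these locations rarely
# have a legitimate reason to change firewall or Task Manager policy.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads)\\", re.IGNORECASE)


def _dword(details: str) -> int:
    """Extract the numeric value from a Sysmon 'DWORD (0x...)' Details field; 0 if absent."""
    m = re.search(r"0x([0-9A-Fa-f]+)", details)
    return int(m.group(1), 16) if m else 0


def detect(events: Iterable[Dict[str, object]]) -> List[Dict[str, str]]:
    """Return one finding per event that matches a rule."""
    hits: List[Dict[str, str]] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13:
            target = str(ev.get("TargetObject", ""))
            image = str(ev.get("Image", ""))
            # Only a non-zero write disables Task Manager; a write of 0 restores it.
            if DISABLE_TASKMGR.search(target) and _dword(str(ev.get("Details", ""))) != 0:
                hits.append({
                    "rule": "taskmgr_disabled",
                    "severity": "high" if USER_WRITABLE.search(image) else "medium",
                    "image": image,
                })
        elif eid == 1:
            cmdline = str(ev.get("CommandLine", ""))
            parent = str(ev.get("ParentImage", ""))
            if NETSH_ALLOW.search(cmdline):
                hits.append({
                    "rule": "firewall_allow_added",
                    "severity": "high" if USER_WRITABLE.search(parent) else "medium",
                    "image": parent,
                    "commandline": cmdline,
                })
    return hits


# Constructed records (not real telemetry). Two true positives from the
# dropped binary, then benign noise the rules must ignore.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\Kaspersky.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\user\AppData\Roaming\Kaspersky.exe",
     "CommandLine": 'netsh firewall add allowedprogram "C:\\Users\\user\\AppData\\Roaming\\Kaspersky.exe" "Kaspersky.exe" ENABLE'},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "netsh interface show interface"},
]

if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit)
```

The firewall rule keys on the child command line but attributes the finding to the parent, since netsh.exe itself is always a signed Windows binary; what matters is who launched it and from where.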

MITRE ATT&CK Enterprise v15
