General

  • Target: Kaspersky.exe
  • Size: 93KB
  • Sample: 250329-pk183svkw3
  • MD5: 3060fc299e17c7783df72a4e5f031f39
  • SHA1: 2b1a867cf9dd435670d3c638974b4ad3c4a6ac87
  • SHA256: cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0
  • SHA512: 490a2728a54d021e2834332b8a1cc37475486794a2eef27c974a587ede72e1ca4672e3d0f05c646c954f4f4760c12a13f9cd901b816436ca20690ad14f904aa2
  • SSDEEP: 1536:HV/r7EkrjaFIs7E5OxzJn8njEwzGi1dDjDzgS:HV7jau5OVVLi1drs

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: Pupsik
  • C2:
    hakim32.ddns.net:2000
    7.tcp.eu.ngrok.io:10780
  • Mutex: 83252676f26e0ab65853f7859226c726

Attributes

  • reg_key: 83252676f26e0ab65853f7859226c726
  • splitter: |'|'|

Targets

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
