General
Target: BYPASSFIVEM.exe
Size: 10.1MB
Sample: 240629-qws8aaydkh
MD5: 00f035f6802cc6f8585bd8df90f21ee7
SHA1: 00d12acd567db0dc9d17828a2033addd2ec66b35
SHA256: e973c49e3f5647060a56041e0a9f7378063a02e3c8728d1d102461278a98c00f
SHA512: dc1f98a2553423739f2e272df80383c973fc902dabaa6f423b5bfd4453dd1c1c9b3333392092941ace78cc09a67f8adf165c8ada1809e331f514aaf5c0fcd085
SSDEEP: 196608:AqwLHNz/d34jLu1HTOnfOCgPtUCGQ8hfNC1GA+MHJx2QfxfLyflipARuHCQ:K1/1hJ/CgPaxQ8hfg1B+W9fLyOBiQ
Static task: static1
Behavioral task: behavioral1
Sample: BYPASSFIVEM.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: ducservice
C2: hakim32.ddns.net:2000
C2: 45.141.26.194:1337
Mutex: 3f7251b9b8c5afa092adc8657b97c1c2
Attributes
reg_key: 3f7251b9b8c5afa092adc8657b97c1c2 (value name the implant writes under the Run key for persistence; njRAT uses the same identifier for its mutex)
splitter: |'|'| (delimiter between fields in njRAT C2 messages)
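The extracted configuration is directly usable for detection. The following script is an added example written for this page, not part of the sandbox report or of njRAT: it takes the C2 hosts, the reg_key value name and the splitter from the config above, parses njRAT's framed messages (njRAT 0.7d prefixes each message with its decimal payload length and a NUL byte, then joins fields with the splitter), and scans log lines for the C2 and persistence indicators. The log lines at the bottom are constructed for the example and are not from the sandbox run; 203.0.113.5 is a documentation address used as benign traffic.

```python
import re

# njRAT configuration as extracted in the report above.
NJRAT_CONFIG = {
    "version": "0.7d",
    "botnet": "ducservice",
    "c2": ["hakim32.ddns.net:2000", "45.141.26.194:1337"],
    "mutex": "3f7251b9b8c5afa092adc8657b97c1c2",
    "reg_key": "3f7251b9b8c5afa092adc8657b97c1c2",
    "splitter": "|'|'|",
}


def build_frame(fields, splitter):
    """Encode fields into one njRAT frame: '<decimal length>\\x00<payload>'.

    Used here only to produce test traffic. njRAT 0.7d frames its TCP
    messages this way and joins the fields with the configured splitter.
    """
    payload = splitter.join(fields).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frame(raw, splitter):
    """Decode one njRAT frame into its list of fields.

    Raises ValueError when the length prefix is missing, non-numeric or does
    not match the payload size, so a truncated or non-njRAT stream is reported
    instead of being silently split into garbage.
    """
    length_str, nul, payload = raw.partition(b"\x00")
    if not nul or not length_str.isdigit():
        raise ValueError("missing or non-numeric njRAT length prefix")
    if int(length_str) != len(payload):
        raise ValueError(
            f"length prefix {length_str.decode()} != payload size {len(payload)}"
        )
    return payload.decode("utf-8", errors="replace").split(splitter)


def is_njrat_frame(raw, splitter):
    """True when raw parses as a frame whose payload contains the splitter."""
    try:
        return len(parse_frame(raw, splitter)) > 1
    except ValueError:
        return False


def ioc_patterns(cfg):
    """Compile (label, regex) pairs from the C2 list and the Run value name."""
    pats = []
    for c2 in cfg["c2"]:
        host, _, port = c2.rpartition(":")
        # Match the bare host (DNS log) or host:port (connection log).
        pats.append(("c2", re.compile(re.escape(host) + r"(?::" + re.escape(port) + r")?")))
    pats.append(("persistence", re.compile(re.escape(cfg["reg_key"]))))
    return pats


def scan_log(lines, cfg):
    """Return (line_number, label) for each log line that matches an IOC."""
    pats = ioc_patterns(cfg)
    hits = []
    for n, line in enumerate(lines, start=1):
        for label, pat in pats:
            if pat.search(line):
                hits.append((n, label))
                break
    return hits


# Constructed log lines for the example (not taken from the sandbox run).
SAMPLE_LOG = [
    "2024-06-29T10:01:02 dns A hakim32.ddns.net from 10.0.0.7",
    "2024-06-29T10:01:03 tcp 10.0.0.7:49811 -> 45.141.26.194:1337 SYN",
    "2024-06-29T10:01:05 reg set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    "\\3f7251b9b8c5afa092adc8657b97c1c2",
    "2024-06-29T10:02:00 tcp 10.0.0.7:49812 -> 203.0.113.5:443 SYN",
]

if __name__ == "__main__":
    # Constructed fields; a real njRAT check-in carries more than these.
    frame = build_frame(["cmd", NJRAT_CONFIG["botnet"], "WIN-TEST"], NJRAT_CONFIG["splitter"])
    print(parse_frame(frame, NJRAT_CONFIG["splitter"]))
    print(scan_log(SAMPLE_LOG, NJRAT_CONFIG))
```

The length check in parse_frame matters in practice: njRAT streams several frames back to back on one TCP connection, so a reader that ignores the prefix and splits on the delimiter alone will merge fields across message boundaries. The dynamic DNS host should be matched as a name rather than resolved to an address, since the operator can repoint it at any time.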
Targets
Target: BYPASSFIVEM.exe
Size: 10.1MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Signatures
ModiLoader, DBatLoader: ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and run other malware families, consistent with the njRAT configuration extracted above.
ModiLoader Second Stage: the second-stage ModiLoader component was detected.
Checks computer location settings: looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: persistence through a value under the Run registry key (see the njRAT reg_key above).
Drops file in System32 directory