General
-
Target
d2f88089c3d5494c19db88bed2ff3fab.bin
-
Size
9.5MB
-
Sample
240701-d52vkaycjm
-
MD5
d2f88089c3d5494c19db88bed2ff3fab
-
SHA1
6b4dccd3aedd879ac396e077411c22187f29a4fe
-
SHA256
365e01b07587c756e5fb6244134dc503907fca97402f977724acda871f38a563
-
SHA512
1d001d453eb7c97bec2a6562dda086420ecbbf432b57c90e31178d23f65df33272eeffcbda5c4b03507bf93f381d99a683c40491a898c0ee2cee949483d8c262
-
SSDEEP
196608:O8sRcBDzf4LBIP6dL2Vmd6+DlulOToPVIn+LH/+z3+07MmQZwS1rlzy:eszf490qL2Vmd6mlFTodIn+LH/+zy+SP
Behavioral task
behavioral1
Sample
d2f88089c3d5494c19db88bed2ff3fab.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d2f88089c3d5494c19db88bed2ff3fab.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
njrat
0.7d
HacKed
gcpanel.hackcrack.io:15508
Windows Explorer
-
reg_key
Windows Explorer
-
splitter
|'|'|
Targets
-
-
Target
d2f88089c3d5494c19db88bed2ff3fab.bin
-
Size
9.5MB
-
MD5
d2f88089c3d5494c19db88bed2ff3fab
-
SHA1
6b4dccd3aedd879ac396e077411c22187f29a4fe
-
SHA256
365e01b07587c756e5fb6244134dc503907fca97402f977724acda871f38a563
-
SHA512
1d001d453eb7c97bec2a6562dda086420ecbbf432b57c90e31178d23f65df33272eeffcbda5c4b03507bf93f381d99a683c40491a898c0ee2cee949483d8c262
-
SSDEEP
196608:O8sRcBDzf4LBIP6dL2Vmd6+DlulOToPVIn+LH/+z3+07MmQZwS1rlzy:eszf490qL2Vmd6mlFTodIn+LH/+zy+SP
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1