General

  • Target

    2f95f95b19cea5951ebd8ec19f46e8178f427702fc9193d0f851d65a1488a18f

  • Size

    863KB

  • Sample

    210228-wbarsrqrde

  • MD5

    8b32e28becfe5553d9b59e6ea2973265

  • SHA1

    e731235f8faeb6d04d936ebb69b7032132663566

  • SHA256

    2f95f95b19cea5951ebd8ec19f46e8178f427702fc9193d0f851d65a1488a18f

  • SHA512

    6dae649db1d6033850741bb8cc316f222b6f5d476097f1a581fdad5e42f98e667a70457f2fbf0a30870b47976fe5a39c38e8f745ebcc22745e2ce4b3c466ff4a

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    279f6960ed84a752570aca7fb2dc1552

Attributes

  • reg_key

    279f6960ed84a752570aca7fb2dc1552

  • splitter

    |'|'|

Targets

    • Target

      2f95f95b19cea5951ebd8ec19f46e8178f427702fc9193d0f851d65a1488a18f

    • Size

      863KB

    • MD5

      8b32e28becfe5553d9b59e6ea2973265

    • SHA1

      e731235f8faeb6d04d936ebb69b7032132663566

    • SHA256

      2f95f95b19cea5951ebd8ec19f46e8178f427702fc9193d0f851d65a1488a18f

    • SHA512

      6dae649db1d6033850741bb8cc316f222b6f5d476097f1a581fdad5e42f98e667a70457f2fbf0a30870b47976fe5a39c38e8f745ebcc22745e2ce4b3c466ff4a

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Privilege Escalation

  • Bypass User Account Control (T1088): 1

Defense Evasion

  • Bypass User Account Control (T1088): 1

  • Disabling Security Tools (T1089): 1

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 2

Tasks