Overview

overview

10

Static

static

10

03f8315b61...c8.exe

windows7_x64

8

03f8315b61...c8.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03f8315b61092daea8068fe527a0d94e8684d153e62bab70c4c4b667a452dfc8

  • Size

    37KB

  • Sample

    210906-hjpekadgdl

  • MD5

    ce2bbb0067fabb0f15a62d525d88f5eb

  • SHA1

    20c8a8f626ee8ec00f673623b7bac87856596bf0

  • SHA256

    03f8315b61092daea8068fe527a0d94e8684d153e62bab70c4c4b667a452dfc8

  • SHA512

    23d05ac11553e92307061326adccee0723cf04046048276d78354eaa2eca1a4e90e72c5483e4bca395b10ef5dd83b898adc182ff18800f970dac3cfbf36917a4

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

hacker21312.bounceme.net:5553

Mutex

020f1ce7546b079586c46944751ffd27

Attributes
  • reg_key

    020f1ce7546b079586c46944751ffd27

  • splitter

    |'|'|

Targets

    • Target

      03f8315b61092daea8068fe527a0d94e8684d153e62bab70c4c4b667a452dfc8

    • Size

      37KB

    • MD5

      ce2bbb0067fabb0f15a62d525d88f5eb

    • SHA1

      20c8a8f626ee8ec00f673623b7bac87856596bf0

    • SHA256

      03f8315b61092daea8068fe527a0d94e8684d153e62bab70c4c4b667a452dfc8

    • SHA512

      23d05ac11553e92307061326adccee0723cf04046048276d78354eaa2eca1a4e90e72c5483e4bca395b10ef5dd83b898adc182ff18800f970dac3cfbf36917a4

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks