General

  • Target

    85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa

  • Size

    863KB

  • Sample

    210913-hgfpmsdag9

  • MD5

    301b9f7de5b10a8030c47e1121088667

  • SHA1

    b21a782922b49d3b1be7abb205b1037e613fa13f

  • SHA256

    85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa

  • SHA512

    878381ce19b2ddb01ce96e90017c902a6d87283376354e862bf6c1a1772e182f6e7c5b7fc839ddc150cc3e79062aeaff584c880d4cfb6f6bdd9b3d810b14c509

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    10.10.10.10:5552

  • Mutex

    0dc24807523d3cd24b54cd0996e4c49b

Attributes

  • reg_key

    0dc24807523d3cd24b54cd0996e4c49b

  • splitter

    |'|'|

Notes on the extracted values

  • The C2 address 10.10.10.10 lies in RFC 1918 private space, so this build can only reach its controller from inside a local network; an internet-facing sandbox will see no successful beacon. Port 5552 is njRAT's default and HacKed is the builder's default campaign name, both left unchanged here.

  • The mutex and reg_key (the registry value name njRAT uses for its Run-key persistence, see T1060 below) carry the same 32-character identifier, so a single string covers both host indicators.

  • The splitter |'|'| is the field delimiter njRAT puts between fields of its C2 messages.
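The following script is an added example, not part of the sandbox report or of njRAT itself. It takes the configuration values extracted above, derives host and network indicators from them (flagging that the C2 is not routable from the internet), and decodes a registration message built with the same splitter. The config values are copied from the report; the sample message is constructed, and the length-prefixed framing (decimal length, NUL byte, payload), the "ll" registration layout, the Run key location and the base64 "<botnet>_<volume serial>" HWID field are assumptions taken from public njRAT 0.7d analyses, not from this report.

```python
"""Turn an extracted njRAT config into indicators and decode splitter-delimited
C2 messages. Added example; framing and field layout are assumed, not reported."""
import base64
import ipaddress

# Values exactly as extracted by the sandbox from sample 210913-hgfpmsdag9.
CONFIG = {
    "family": "njrat",
    "version": "0.7d",
    "botnet": "HacKed",
    "c2": "10.10.10.10:5552",
    "mutex": "0dc24807523d3cd24b54cd0996e4c49b",
    "reg_key": "0dc24807523d3cd24b54cd0996e4c49b",
    "splitter": "|'|'|",
}

# Assumed persistence location for the reg_key value (matches the T1060 hit).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def indicators(cfg: dict) -> dict:
    """Derive host and network indicators from the extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    ip = ipaddress.ip_address(host)
    return {
        "mutex": cfg["mutex"],
        "run_value": RUN_KEY + "\\" + cfg["reg_key"],  # assumed: reg_key is the Run value name
        "c2_host": host,
        "c2_port": int(port),
        # Private, loopback or link-local C2 cannot be reached from an internet-facing sandbox.
        "c2_routable": not (ip.is_private or ip.is_loopback or ip.is_link_local),
    }


def frame(command: str, fields: list, splitter: str) -> bytes:
    """Encode one message as '<decimal length>\\x00' + fields joined by the splitter (assumed framing)."""
    body = splitter.join([command] + fields).encode("utf-8")
    return str(len(body)).encode("ascii") + b"\x00" + body


def parse_stream(data: bytes, splitter: str) -> list:
    """Split a TCP stream into (command, fields) tuples; raises on a truncated message."""
    out, pos = [], 0
    while pos < len(data):
        nul = data.index(b"\x00", pos)
        length = int(data[pos:nul])
        body = data[nul + 1 : nul + 1 + length]
        if len(body) != length:
            raise ValueError("truncated message at offset %d" % pos)
        parts = body.decode("utf-8").split(splitter)
        out.append((parts[0], parts[1:]))
        pos = nul + 1 + length
    return out


def botnet_from_registration(fields: list) -> str:
    """The first 'll' field is assumed to be base64('<botnet>_<volume serial>');
    return the campaign name so it can be compared with the extracted config."""
    hwid = base64.b64decode(fields[0]).decode("utf-8")
    return hwid.rsplit("_", 1)[0]


# Constructed registration message matching this config (not captured traffic).
SAMPLE_FIELDS = [
    base64.b64encode(b"HacKed_1A2B3C4D").decode("ascii"),  # HWID
    "WIN-LAB01",                # hostname
    "analyst",                  # username
    "21-09-13",                 # install date
    "",                         # unused
    "Win 7 Professional SP1",   # OS
    "No",                       # webcam present
    "0.7d",                     # client version
]
SAMPLE_STREAM = frame("ll", SAMPLE_FIELDS, CONFIG["splitter"])


def check_sample() -> dict:
    """Decode the constructed stream and tie it back to the extracted config."""
    messages = parse_stream(SAMPLE_STREAM, CONFIG["splitter"])
    cmd, fields = messages[0]
    botnet = botnet_from_registration(fields)
    return {
        "command": cmd,
        "botnet": botnet,
        "matches_config": botnet == CONFIG["botnet"],
        "version": fields[7],
    }


if __name__ == "__main__":
    print(indicators(CONFIG))
    print(check_sample())
```

The routability check is the first thing to run on any extracted C2: a private address like this one means the sandbox's network signatures will be silent, and the useful detections are the mutex and the Run value name rather than traffic to the controller.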

Targets

    • Target

      85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa

    • Size

      863KB

    • MD5

      301b9f7de5b10a8030c47e1121088667

    • SHA1

      b21a782922b49d3b1be7abb205b1037e613fa13f

    • SHA256

      85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa

    • SHA512

      878381ce19b2ddb01ce96e90017c902a6d87283376354e862bf6c1a1772e182f6e7c5b7fc839ddc150cc3e79062aeaff584c880d4cfb6f6bdd9b3d810b14c509

MITRE ATT&CK Matrix (ATT&CK v6)

Each technique is listed with its ATT&CK v6 ID and the number of signatures that matched it.

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Privilege Escalation

  • Bypass User Account Control (T1088): 1

Defense Evasion

  • Bypass User Account Control (T1088): 1

  • Disabling Security Tools (T1089): 1

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 2

Tasks