General

  • Target: e921d5f11cbdb49edbc84df43345e162f6c949e717afee3404ca5605c550c69d
  • Size: 863KB
  • Sample: 210921-k2wmpshab7
  • MD5: 61cc86c500d27fb8ee7cdcbf3f51654e
  • SHA1: da823449b046aabc24d82519619235e4800dfd22
  • SHA256: e921d5f11cbdb49edbc84df43345e162f6c949e717afee3404ca5605c550c69d
  • SHA512: 2a5d6ea3516c248a4f87ceb877417320e0324f80c8177d944f64f999724d9a4af334b5bc581bf00e4f1b49d30dab4f8bb516514eb4be6d673b5c30e35e4e5384

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: 10.10.10.10:4444
  • Mutex: 68746e5f270d3b8fbd6f47be0fcb6282
  • Attributes
      • reg_key: 68746e5f270d3b8fbd6f47be0fcb6282
      • splitter: |'|'|


MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                            Count  ID
  Persistence           Modify Existing Service              1      T1031
  Persistence           Registry Run Keys / Startup Folder   1      T1060
  Privilege Escalation  Bypass User Account Control          1      T1088
  Defense Evasion       Bypass User Account Control          1      T1088
  Defense Evasion       Disabling Security Tools             1      T1089
  Defense Evasion       Modify Registry                      3      T1112
  Discovery             System Information Discovery         2      T1082

Tasks