General

  • Target

    05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

  • Size

    863KB

  • Sample

    210921-kjqnqsghf8

  • MD5

    f5df22a0a21deb1bae571555826e9076

  • SHA1

    f5621b1ee4d1466c06a2a137d46015107aa2855a

  • SHA256

    05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

  • SHA512

    800d0d564ed89944f6cee9c3bb3cbee991b12db644f55ed95afc42faa1f58dba208d66187392a50f53b6380ca6c2f1e1fa509d510caccecad842851b5779ef3e

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    10.10.10.10:5552

  • Mutex

    0dc24807523d3cd24b54cd0996e4c49b

  • Attributes

      • reg_key

        0dc24807523d3cd24b54cd0996e4c49b

      • splitter

        |'|'|

Targets

    • Target

      05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Privilege Escalation

  • Bypass User Account Control (T1088): 1

Defense Evasion

  • Bypass User Account Control (T1088): 1

  • Disabling Security Tools (T1089): 1

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 2

Tasks