Overview

overview

10

Static

static

10

9b3a482edc...06.exe

windows7_x64

8

9b3a482edc...06.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b3a482edc6ae1fe84702f0c697cee06.exe

  • Size

    37KB

  • Sample

    211225-ld9ebshfh5

  • MD5

    9b3a482edc6ae1fe84702f0c697cee06

  • SHA1

    96626b3a6b6b5705777f7cbbb3840e9f1a0503f6

  • SHA256

    3f9bb1c9753bd62335fec0e396d8f0948225069c29f0f91da9a42384db9dff55

  • SHA512

    2eeb8ad663954fa43648b0f3d411bb6dbf7179ac9a42970f1cd8bc4ff4a7c97160669839fa3796e3ce700793d465acf0877b0ae4bc9efad2bc5ec90f4e9f883d

Score
10/10
njrathackedevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.ngrok.io:16955

Mutex

aa742da771073f99b2c491a0bc473697

Attributes
  • reg_key

    aa742da771073f99b2c491a0bc473697

  • splitter

    |'|'|

Targets

    • Target

      9b3a482edc6ae1fe84702f0c697cee06.exe

    • Size

      37KB

    • MD5

      9b3a482edc6ae1fe84702f0c697cee06

    • SHA1

      96626b3a6b6b5705777f7cbbb3840e9f1a0503f6

    • SHA256

      3f9bb1c9753bd62335fec0e396d8f0948225069c29f0f91da9a42384db9dff55

    • SHA512

      2eeb8ad663954fa43648b0f3d411bb6dbf7179ac9a42970f1cd8bc4ff4a7c97160669839fa3796e3ce700793d465acf0877b0ae4bc9efad2bc5ec90f4e9f883d

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks