General

  • Target: a7c7122b618b82e09123da0590300feb42b29e082472ee95f828d3028b3b1bc3
  • Size: 36KB
  • Sample: 220121-3cbv4sdagj
  • MD5: 30895d08245ccc8a8272fef40e6a424b
  • SHA1: 6341f4104a5a6a8ae5265419fb53fe8b798f7fb6
  • SHA256: a7c7122b618b82e09123da0590300feb42b29e082472ee95f828d3028b3b1bc3
  • SHA512: e67570fb3c4ea9494f9414656654d55a71c78ca35f26ef1bddef8a1905d4acfbaf1a01b2ee52559ec82cf2a6a79194f0f1680818161fa6e1abec7ac09f536f7b

Malware Config

Extracted

  • Family: njrat
  • Version: v2.0
  • Botnet: Victim
  • C2: lorixo666-56372.portmap.io:56372
  • Mutex: Windows
  • Attributes
      • reg_key: Windows
      • splitter: |-F-|

Targets


    Score: 7/10

    • Drops startup file
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 hit
  • Defense Evasion: Modify Registry (T1112), 1 hit
  • Discovery: System Information Discovery (T1082), 1 hit
