Overview

overview

10

Static

static

10

aecee89ac3...1d.exe

windows7_x64

8

aecee89ac3...1d.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aecee89ac383e028e843f29aebbb191d.exe

  • Size

    37KB

  • Sample

    220122-rg9r6abec9

  • MD5

    aecee89ac383e028e843f29aebbb191d

  • SHA1

    fb228c1a12415c6f301a76774c28ac602dafde44

  • SHA256

    fc4fc64aa60cab72de617368e5dfdd772f99f7b2881947193e36f0adc169776a

  • SHA512

    2f4b80fdf6aefa1b6ee10edcebc48dce8ec26c85eaf226a67c7d32295a8964a648b855e9d5a03d7a42681cb65175499abb911e8ba001651d56f0e5b420c6aed2

Score
10/10
njrathackedevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

185.216.34.82:7777

Mutex

d80f0fab8a423604e7b276e9befe9efa

Attributes
  • reg_key

    d80f0fab8a423604e7b276e9befe9efa

  • splitter

    |'|'|

Targets

    • Target

      aecee89ac383e028e843f29aebbb191d.exe

    • Size

      37KB

    • MD5

      aecee89ac383e028e843f29aebbb191d

    • SHA1

      fb228c1a12415c6f301a76774c28ac602dafde44

    • SHA256

      fc4fc64aa60cab72de617368e5dfdd772f99f7b2881947193e36f0adc169776a

    • SHA512

      2f4b80fdf6aefa1b6ee10edcebc48dce8ec26c85eaf226a67c7d32295a8964a648b855e9d5a03d7a42681cb65175499abb911e8ba001651d56f0e5b420c6aed2

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks