General

  • Target

    c0abec41705b4bdd837daf0df85f53ca.exe

  • Size

    103KB

  • Sample

    220318-rylfwsaed7

  • MD5

    c0abec41705b4bdd837daf0df85f53ca

  • SHA1

    02c5f31aa6e280bdd7f2bfcf35fc863a735380e1

  • SHA256

    7cc4f1580d6f425b3025bdb83a4782bea363f6d8c1c7fa6374e159aa06327ca2

  • SHA512

    7a30725213b50f20dc683ea894ea12c23b97a141aab54881d42191209e0044f584e739c1454533148880347fbfd13c25b6a6a732663870516f885ef289ce08e8

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    main

  • C2

    45.84.227.157:5012

  • Mutex

    1f4e92fbfae203cc3d0fa75e24979e94

  • Attributes

    • reg_key

      1f4e92fbfae203cc3d0fa75e24979e94

    • splitter

      |'|'|

Targets

    • Target

      c0abec41705b4bdd837daf0df85f53ca.exe

    • Size

      103KB

    • MD5

      c0abec41705b4bdd837daf0df85f53ca

    • SHA1

      02c5f31aa6e280bdd7f2bfcf35fc863a735380e1

    • SHA256

      7cc4f1580d6f425b3025bdb83a4782bea363f6d8c1c7fa6374e159aa06327ca2

    • SHA512

      7a30725213b50f20dc683ea894ea12c23b97a141aab54881d42191209e0044f584e739c1454533148880347fbfd13c25b6a6a732663870516f885ef289ce08e8

    Score

      8/10

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Matrix ATT&CK v6

  • Initial Access

    • Replication Through Removable Media (T1091): 1

  • Persistence

    • Modify Existing Service (T1031): 1

    • Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    • Modify Registry (T1112): 1

  • Lateral Movement

    • Replication Through Removable Media (T1091): 1

Tasks