Overview

overview

10

Static

static

10

edf06c5e96...40.exe

windows7_x64

8

edf06c5e96...40.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edf06c5e963ca0cf079ce038a1f41e2aa2465ab28b96cb85ee7052d26d3f6f40

  • Size

    37KB

  • Sample

    220520-1mtgsseah6

  • MD5

    bfad59e0511b7ac6fee163f6b98e6e11

  • SHA1

    dd6ad52ae90bb5b91004c59848c8366e9ae38ae5

  • SHA256

    edf06c5e963ca0cf079ce038a1f41e2aa2465ab28b96cb85ee7052d26d3f6f40

  • SHA512

    2401e7947cd7ff861d3048fe20a72e2c9c34e7e6ff94990905d2873c109ad647fd80f622b95d2ec253aa2ce2dd781ed36632ba655b690d2f16bf5d22a5dfa096

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.ngrok.io:1604

Mutex

3dbfd71c7c0fa8b98bff5b8a79438375

Attributes
  • reg_key

    3dbfd71c7c0fa8b98bff5b8a79438375

  • splitter

    |'|'|

Targets

    • Target

      edf06c5e963ca0cf079ce038a1f41e2aa2465ab28b96cb85ee7052d26d3f6f40

    • Size

      37KB

    • MD5

      bfad59e0511b7ac6fee163f6b98e6e11

    • SHA1

      dd6ad52ae90bb5b91004c59848c8366e9ae38ae5

    • SHA256

      edf06c5e963ca0cf079ce038a1f41e2aa2465ab28b96cb85ee7052d26d3f6f40

    • SHA512

      2401e7947cd7ff861d3048fe20a72e2c9c34e7e6ff94990905d2873c109ad647fd80f622b95d2ec253aa2ce2dd781ed36632ba655b690d2f16bf5d22a5dfa096

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks