Overview

overview

10

Static

static

10

af4499ed44...8a.exe

windows7_x64

8

af4499ed44...8a.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af4499ed44414f08163cbf2bae5399fa75ded2b44524e800e7e897440eb45a8a

  • Size

    95KB

  • Sample

    220520-1r4tbshddn

  • MD5

    3ed2318e56f9a575e44d72d913ef6957

  • SHA1

    54fa35e4a9dd162e50c04431098d195e7b6cd8c5

  • SHA256

    af4499ed44414f08163cbf2bae5399fa75ded2b44524e800e7e897440eb45a8a

  • SHA512

    c91fb2174e4d8dad9e670ff855dc9525fd7e9c3febbd9ca4189ce9f1e02ee8e1b521506640c745c7847930b0ff99a7fa127abfe314bea621eabeda863c759cfe

Score
10/10
njrathackedevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

mischa228.hopto.org,mischa228.hopto.org,mischa228.hopto.org:2121

Mutex

0ec1047b7dbded2390b0348f753c20bd

Attributes
  • reg_key

    0ec1047b7dbded2390b0348f753c20bd

  • splitter

    |'|'|

Targets

    • Target

      af4499ed44414f08163cbf2bae5399fa75ded2b44524e800e7e897440eb45a8a

    • Size

      95KB

    • MD5

      3ed2318e56f9a575e44d72d913ef6957

    • SHA1

      54fa35e4a9dd162e50c04431098d195e7b6cd8c5

    • SHA256

      af4499ed44414f08163cbf2bae5399fa75ded2b44524e800e7e897440eb45a8a

    • SHA512

      c91fb2174e4d8dad9e670ff855dc9525fd7e9c3febbd9ca4189ce9f1e02ee8e1b521506640c745c7847930b0ff99a7fa127abfe314bea621eabeda863c759cfe

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks