Overview

overview

10

Static

static

10

0ae4dfe433...c1.exe

windows7_x64

8

0ae4dfe433...c1.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ae4dfe43308ce7d6e68d877c74e74e63d03089d9a36a0f3b3501c97137345c1

  • Size

    37KB

  • Sample

    220520-3e9j6aggf3

  • MD5

    07b030d2d9514eb342732e24f096b066

  • SHA1

    ae675ffb75c89eac13848237240d724591211818

  • SHA256

    0ae4dfe43308ce7d6e68d877c74e74e63d03089d9a36a0f3b3501c97137345c1

  • SHA512

    2975a45f7f6ac8ed1b07bc3db0bbec763637225ffe8727b6da6fe2e7d73a9bffbaec6e2c1baee4301bbe4f289e74dd8491690845007f9485e9c1bfcf916ca145

Score
10/10
njratdimonhackevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

DIMONHACK

C2

dima715626.ddns.net:9291

Mutex

f5a2552a9a371bcdfe465098b6608089

Attributes
  • reg_key

    f5a2552a9a371bcdfe465098b6608089

  • splitter

    |'|'|

Targets

    • Target

      0ae4dfe43308ce7d6e68d877c74e74e63d03089d9a36a0f3b3501c97137345c1

    • Size

      37KB

    • MD5

      07b030d2d9514eb342732e24f096b066

    • SHA1

      ae675ffb75c89eac13848237240d724591211818

    • SHA256

      0ae4dfe43308ce7d6e68d877c74e74e63d03089d9a36a0f3b3501c97137345c1

    • SHA512

      2975a45f7f6ac8ed1b07bc3db0bbec763637225ffe8727b6da6fe2e7d73a9bffbaec6e2c1baee4301bbe4f289e74dd8491690845007f9485e9c1bfcf916ca145

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks