Overview

overview

10

Static

static

10

2d2953e271...4d.exe

windows7_x64

8

2d2953e271...4d.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d2953e271225d8f668f068025ac529074c2b632abf7186ceb16349cc415ad4d

  • Size

    103KB

  • Sample

    220520-e8fl6saca9

  • MD5

    06bbf13d7108483f81883c19f969d43a

  • SHA1

    3de7442bf0b317806ae399041f6e5baa3438ed90

  • SHA256

    2d2953e271225d8f668f068025ac529074c2b632abf7186ceb16349cc415ad4d

  • SHA512

    42e13669d35781ba7549bf2fefa44bc59312b33071f0f77d9b179d68c076eb17018959f9dfaa96bf84093667d48c8da56900c68639310aabceee51a2dce50a43

Score
10/10
njrathackedevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

a4ce4e921de09bda8ac4c00f293b22b5

Attributes
  • reg_key

    a4ce4e921de09bda8ac4c00f293b22b5

  • splitter

    |'|'|

Targets

    • Target

      2d2953e271225d8f668f068025ac529074c2b632abf7186ceb16349cc415ad4d

    • Size

      103KB

    • MD5

      06bbf13d7108483f81883c19f969d43a

    • SHA1

      3de7442bf0b317806ae399041f6e5baa3438ed90

    • SHA256

      2d2953e271225d8f668f068025ac529074c2b632abf7186ceb16349cc415ad4d

    • SHA512

      42e13669d35781ba7549bf2fefa44bc59312b33071f0f77d9b179d68c076eb17018959f9dfaa96bf84093667d48c8da56900c68639310aabceee51a2dce50a43

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks