Overview

overview

10

Static

static

10

e851efe23d...88.exe

windows7_x64

8

e851efe23d...88.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e851efe23db49d755ba392fc5c0178065fcfad27acd03bb0695dcd8c9bf3dc88

  • Size

    37KB

  • Sample

    220520-et2wvscbgk

  • MD5

    19c8cf79e89a2d1c0060dba4e9250054

  • SHA1

    5494dbb517b273c06b79496f36f5ad3d2b54e094

  • SHA256

    e851efe23db49d755ba392fc5c0178065fcfad27acd03bb0695dcd8c9bf3dc88

  • SHA512

    3c4c8d46d79c53e34e39906cdac18760efa9e9b3ac8f5b907398f902e1868fcf87c4af3529900165619fe03e4472f8939e7efb5431e69e6c829f7e11eac15ec4

Score
10/10
njrathelloevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HELLO

C2

128.69.46.210:8888

Mutex

6492ce10f1b5af06c5f7c31753b4dbe5

Attributes
  • reg_key

    6492ce10f1b5af06c5f7c31753b4dbe5

  • splitter

    |'|'|

Targets

    • Target

      e851efe23db49d755ba392fc5c0178065fcfad27acd03bb0695dcd8c9bf3dc88

    • Size

      37KB

    • MD5

      19c8cf79e89a2d1c0060dba4e9250054

    • SHA1

      5494dbb517b273c06b79496f36f5ad3d2b54e094

    • SHA256

      e851efe23db49d755ba392fc5c0178065fcfad27acd03bb0695dcd8c9bf3dc88

    • SHA512

      3c4c8d46d79c53e34e39906cdac18760efa9e9b3ac8f5b907398f902e1868fcf87c4af3529900165619fe03e4472f8939e7efb5431e69e6c829f7e11eac15ec4

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks