Overview

overview

10

Static

static

10

1922ae3640...44.exe

windows7_x64

8

1922ae3640...44.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1922ae3640abe410d70132e356093c13e1ad9e7cdaebfbedb385488a04c6c844

  • Size

    37KB

  • Sample

    220520-fagbgsada8

  • MD5

    31ca35b288d43b6a5dc0c9a635e26307

  • SHA1

    767e38dbb31a7ab5ea4f52c80d681d7348503208

  • SHA256

    1922ae3640abe410d70132e356093c13e1ad9e7cdaebfbedb385488a04c6c844

  • SHA512

    99e16797c10800754a10482dc0305ef716bbcc0650a6dc729df3eed1af33b6ba9bedd124ea2d9ea7c9ccce91d5dae65ab1a2731c46bad7e87f1b99dd7e3eb92b

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

samel123.hopto.org:1333

Mutex

32ac31aca9dcbd9ec914ab17f6c2137d

Attributes
  • reg_key

    32ac31aca9dcbd9ec914ab17f6c2137d

  • splitter

    |'|'|

Targets

    • Target

      1922ae3640abe410d70132e356093c13e1ad9e7cdaebfbedb385488a04c6c844

    • Size

      37KB

    • MD5

      31ca35b288d43b6a5dc0c9a635e26307

    • SHA1

      767e38dbb31a7ab5ea4f52c80d681d7348503208

    • SHA256

      1922ae3640abe410d70132e356093c13e1ad9e7cdaebfbedb385488a04c6c844

    • SHA512

      99e16797c10800754a10482dc0305ef716bbcc0650a6dc729df3eed1af33b6ba9bedd124ea2d9ea7c9ccce91d5dae65ab1a2731c46bad7e87f1b99dd7e3eb92b

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks