Overview

overview

10

Static

static

10

d128d0d459...6d.exe

windows7_x64

8

d128d0d459...6d.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d128d0d459f5068dfe530367170baa007d0c020962d481d9f0cfdaf32ae5bd6d

  • Size

    37KB

  • Sample

    220520-rq7n6agcb3

  • MD5

    e8547ac392f98d01fae8e263e1b6c26b

  • SHA1

    e1cc996d8e6b31c4437c6f5ffcffdffcaaea4b46

  • SHA256

    d128d0d459f5068dfe530367170baa007d0c020962d481d9f0cfdaf32ae5bd6d

  • SHA512

    4b68a53d1be958e3aa51f938181aa8edf4d45437c79a2b933bf054a0497cacba09a7c826236dccfb657eaaa15ab2bd706b6c46f600a481df0d1a79c39d5e97f4

Score
10/10
njrathackedevasionpersistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

kolyasik228.ddns.net:7893

Mutex

f59597a1d3a50c6c38e895eab5af835e

Attributes
  • reg_key

    f59597a1d3a50c6c38e895eab5af835e

  • splitter

    |'|'|

Targets

    • Target

      d128d0d459f5068dfe530367170baa007d0c020962d481d9f0cfdaf32ae5bd6d

    • Size

      37KB

    • MD5

      e8547ac392f98d01fae8e263e1b6c26b

    • SHA1

      e1cc996d8e6b31c4437c6f5ffcffdffcaaea4b46

    • SHA256

      d128d0d459f5068dfe530367170baa007d0c020962d481d9f0cfdaf32ae5bd6d

    • SHA512

      4b68a53d1be958e3aa51f938181aa8edf4d45437c79a2b933bf054a0497cacba09a7c826236dccfb657eaaa15ab2bd706b6c46f600a481df0d1a79c39d5e97f4

    Score
    8/10
    evasionpersistence

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks