General

  • Target

    c057b20168f138304c491aad769453c92851c3b119662715c49b8ae66881d3d7

  • Size

    37KB

  • Sample

    220520-wpsk3abec2

  • MD5

    c3f164e066b7f20fffd8df364fc40266

  • SHA1

    85133f66865acaf84901e93a18477277497ee725

  • SHA256

    c057b20168f138304c491aad769453c92851c3b119662715c49b8ae66881d3d7

  • SHA512

    1cc683df9225a6588011f28942762030f0d94ba36fe4226447e7e0f46c5dc15231d274000695df35cdba4094612a1adb07c688cdd67aadc7070299af45f73a29

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    manakailia.hopto.org:1805

  • Mutex

    b3606c5f97d6501fbc87e008a24eb48c

  • Attributes

    • reg_key

      b3606c5f97d6501fbc87e008a24eb48c

    • splitter

      |'|'|

Targets

    Score
    8/10
    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                             Count  ID
  Initial Access    Replication Through Removable Media   1      T1091
  Persistence       Modify Existing Service               1      T1031
  Persistence       Registry Run Keys / Startup Folder    1      T1060
  Defense Evasion   Modify Registry                       1      T1112
  Lateral Movement  Replication Through Removable Media   1      T1091

Tasks