Overview

overview

10

Static

static

10

payload.exe

windows7-x64

7

payload.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payload.exe

  • Size

    27KB

  • Sample

    220802-zths7sceeq

  • MD5

    719586d8b62ee3203fafc4834472c722

  • SHA1

    8668e69c2eadf4087f56cd4ad5f30b5a960abfb3

  • SHA256

    a4eb32f9273e31ef4f46e2a7036cd89aa35e8fe8aa0b67982b0c149d30e88590

  • SHA512

    6e667e3e75a5f682c7b16d2cf31b30d0019f708efe9c00011e793d3b2b71ad592638911ced815aeb4d14ca356e11c88ba7ed4c6eef3181650e849aa2fd27ec34

Score
10/10
njrathackedpersistence

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

full-qui.at.playit.gg:14457

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      payload.exe

    • Size

      27KB

    • MD5

      719586d8b62ee3203fafc4834472c722

    • SHA1

      8668e69c2eadf4087f56cd4ad5f30b5a960abfb3

    • SHA256

      a4eb32f9273e31ef4f46e2a7036cd89aa35e8fe8aa0b67982b0c149d30e88590

    • SHA512

      6e667e3e75a5f682c7b16d2cf31b30d0019f708efe9c00011e793d3b2b71ad592638911ced815aeb4d14ca356e11c88ba7ed4c6eef3181650e849aa2fd27ec34

    Score
    7/10
    persistence

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks