Overview

overview

10

Static

static

10

000ecfed34...c7.exe

windows7-x64

8

000ecfed34...c7.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000ecfed34691ea984216886f22b41c7.exe

  • Size

    37KB

  • Sample

    220901-2l3jraeea9

  • MD5

    000ecfed34691ea984216886f22b41c7

  • SHA1

    931acbd3c5663d7db6c6e0e741866c33517af684

  • SHA256

    5a8b428d40e0e947b18c0dd00eb390fa02cb8b8b5e9acf64b476a4f0f9970772

  • SHA512

    d34d69e43803d03c108c8f9635a0430a658f1f3296b7ce45dfda224da297b67528a4814fb6aafbd0405ef039fbc6cc0d154ff5a51c6b6adee509b66fe1c1d37c

  • SSDEEP

    384:BmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3u:TFdGdkrgYRwWS9rM+rMRa8NuwGt

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:13489

Mutex

a90cfc1b97e007a691935d259e86864a

Attributes
  • reg_key

    a90cfc1b97e007a691935d259e86864a

  • splitter

    |'|'|

Targets

    • Target

      000ecfed34691ea984216886f22b41c7.exe

    • Size

      37KB

    • MD5

      000ecfed34691ea984216886f22b41c7

    • SHA1

      931acbd3c5663d7db6c6e0e741866c33517af684

    • SHA256

      5a8b428d40e0e947b18c0dd00eb390fa02cb8b8b5e9acf64b476a4f0f9970772

    • SHA512

      d34d69e43803d03c108c8f9635a0430a658f1f3296b7ce45dfda224da297b67528a4814fb6aafbd0405ef039fbc6cc0d154ff5a51c6b6adee509b66fe1c1d37c

    • SSDEEP

      384:BmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3u:TFdGdkrgYRwWS9rM+rMRa8NuwGt

    Score
    8/10
    evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks