Overview

overview

10

Static

static

10

0c4a0b73ab...1a.exe

windows7-x64

8

0c4a0b73ab...1a.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c4a0b73ab18048c669f89d54ef9951a.exe

  • Size

    36KB

  • Sample

    221130-3b14lsea44

  • MD5

    0c4a0b73ab18048c669f89d54ef9951a

  • SHA1

    9a8075230f8b0ca5f4137648d98d7425664e423a

  • SHA256

    c6cded3064fbdc89fdf8f8393686caa9e988e109ddf105b9ec0a69b3ca69a29f

  • SHA512

    b127ac85456e8519b5014ec5a34e5a961eff515afa28eead14048a143d302eb431eca6200d87fb31bb147f7977563f758fda9117e9de2a297dd3c5dfbda3341a

  • SSDEEP

    384:bmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3S:BFdGdkrgYRwWS9rM+rMRa8NukWt

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:17049

Mutex

6ef4616d23d1114de4f7c807578ced5f

Attributes
  • reg_key

    6ef4616d23d1114de4f7c807578ced5f

  • splitter

    |'|'|

Targets

    • Target

      0c4a0b73ab18048c669f89d54ef9951a.exe

    • Size

      36KB

    • MD5

      0c4a0b73ab18048c669f89d54ef9951a

    • SHA1

      9a8075230f8b0ca5f4137648d98d7425664e423a

    • SHA256

      c6cded3064fbdc89fdf8f8393686caa9e988e109ddf105b9ec0a69b3ca69a29f

    • SHA512

      b127ac85456e8519b5014ec5a34e5a961eff515afa28eead14048a143d302eb431eca6200d87fb31bb147f7977563f758fda9117e9de2a297dd3c5dfbda3341a

    • SSDEEP

      384:bmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3S:BFdGdkrgYRwWS9rM+rMRa8NukWt

    Score
    8/10
    evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks