Overview

overview

10

Static

static

10

2.exe

windows7-x64

8

2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2.exe

  • Size

    37KB

  • Sample

    221208-xwjr6sea4y

  • MD5

    f7499a1ad41616f5f4849fa3d403df47

  • SHA1

    d7a6b5c4f1f16d042b2d28eefa46ee60b1e7bcec

  • SHA256

    ff99d86acf5f36a124b1329dc3ea49abd6ffb679465445e6fc8de0ef9f6c06d6

  • SHA512

    eb222c25e2f80cadcc956e1b70ba30cc99de88e4a3ad20a6c521ea8161ef188c5182548c14be2217c8de2fa5a93c06a4501765fac63e88894ac83c61fb4ea9c2

  • SSDEEP

    768:2DkSdCNhszSDSMOxsIqrM+rMRa8Nus4t:2wSdCNGySMOZV+gRJN7

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

129.159.194.161:5552

Mutex

e0ef64ed7efb9c09f4b5c1fafef16128

Attributes
  • reg_key

    e0ef64ed7efb9c09f4b5c1fafef16128

  • splitter

    |'|'|

Targets

    • Target

      2.exe

    • Size

      37KB

    • MD5

      f7499a1ad41616f5f4849fa3d403df47

    • SHA1

      d7a6b5c4f1f16d042b2d28eefa46ee60b1e7bcec

    • SHA256

      ff99d86acf5f36a124b1329dc3ea49abd6ffb679465445e6fc8de0ef9f6c06d6

    • SHA512

      eb222c25e2f80cadcc956e1b70ba30cc99de88e4a3ad20a6c521ea8161ef188c5182548c14be2217c8de2fa5a93c06a4501765fac63e88894ac83c61fb4ea9c2

    • SSDEEP

      768:2DkSdCNhszSDSMOxsIqrM+rMRa8Nus4t:2wSdCNGySMOZV+gRJN7

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks