Overview

overview

10

Static

static

10

0258f62628...3b.exe

windows7-x64

8

0258f62628...3b.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0258f6262873cbc3e440d20bbd78f23b.exe

  • Size

    37KB

  • Sample

    230322-vj4kpsac22

  • MD5

    0258f6262873cbc3e440d20bbd78f23b

  • SHA1

    440f32206b9cf333feecace85c9d1924ea7fc95f

  • SHA256

    dd50128d3b167ad7bc5970a95f9dcac2870df3adb3da48c849d0af9ddc410b24

  • SHA512

    96190e88fc4ddca5c9efb331817bd2b3b40fb9263559f3c011ddde31ee89eab017f1d5a3ffc34158a3e45e7bc447929c9cf031f28a918edd4cd2c3216578be6e

  • SSDEEP

    384:qmO/0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3c:0mdGdkrgYRwWS9rM+rMRa8NuEgbt

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:12582

Mutex

e8c302b03f0a7d6387b5ade6765f0ff8

Attributes
  • reg_key

    e8c302b03f0a7d6387b5ade6765f0ff8

  • splitter

    |'|'|

Targets

    • Target

      0258f6262873cbc3e440d20bbd78f23b.exe

    • Size

      37KB

    • MD5

      0258f6262873cbc3e440d20bbd78f23b

    • SHA1

      440f32206b9cf333feecace85c9d1924ea7fc95f

    • SHA256

      dd50128d3b167ad7bc5970a95f9dcac2870df3adb3da48c849d0af9ddc410b24

    • SHA512

      96190e88fc4ddca5c9efb331817bd2b3b40fb9263559f3c011ddde31ee89eab017f1d5a3ffc34158a3e45e7bc447929c9cf031f28a918edd4cd2c3216578be6e

    • SSDEEP

      384:qmO/0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3c:0mdGdkrgYRwWS9rM+rMRa8NuEgbt

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks