Overview

overview

10

Static

static

10

39dda22bc0...b8.exe

windows7-x64

8

39dda22bc0...b8.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39dda22bc0baa6be16a26d21b7cd12b8.exe

  • Size

    37KB

  • Sample

    230324-e45eqsec3x

  • MD5

    39dda22bc0baa6be16a26d21b7cd12b8

  • SHA1

    2a38beffbd14f58bd91c9530959cd7e832a12799

  • SHA256

    38d653d1792cc05fae43f3c9a5dfae6910dc904647de5e1cadf31fca9a7dcee3

  • SHA512

    3b6832055b2ccc5fa6e283c9baec0173c603714fb2b677124c5bb9d1a222239e4ed155e5fce0a02998a7c86e935fd9b7762b2e22abebffb86fd426ca3bc5aff7

  • SSDEEP

    384:QmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM35:GFdGdkrgYRwWS0rM+rMRa8Nu3+t

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:12756

Mutex

34ea45b0fdde5eeb382b70b544d1185b

Attributes
  • reg_key

    34ea45b0fdde5eeb382b70b544d1185b

  • splitter

    |'|'|

Targets

    • Target

      39dda22bc0baa6be16a26d21b7cd12b8.exe

    • Size

      37KB

    • MD5

      39dda22bc0baa6be16a26d21b7cd12b8

    • SHA1

      2a38beffbd14f58bd91c9530959cd7e832a12799

    • SHA256

      38d653d1792cc05fae43f3c9a5dfae6910dc904647de5e1cadf31fca9a7dcee3

    • SHA512

      3b6832055b2ccc5fa6e283c9baec0173c603714fb2b677124c5bb9d1a222239e4ed155e5fce0a02998a7c86e935fd9b7762b2e22abebffb86fd426ca3bc5aff7

    • SSDEEP

      384:QmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM35:GFdGdkrgYRwWS0rM+rMRa8Nu3+t

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks