General

  • Target

    b8f8323ffe1e53ad1993f6f0fc91d38c.exe

  • Size

    93KB

  • Sample

    230606-2wnhksgf2v

  • MD5

    b8f8323ffe1e53ad1993f6f0fc91d38c

  • SHA1

    2c9fc140de6f527fd62482428c89b3b8a9e0b2ab

  • SHA256

    016404b6167e37de1d2ca10010bab8b33dd102eca84b6e49d62f28a082004732

  • SHA512

    d53990669b279c7a537a04e83f21410fc0e7824dd41700fb3d09496ffcf2934a4b2b05cd6be000873ddf786b39ddfc55685b692e5293d915e14a1cc082b8fb14

  • SSDEEP

    1536:Cl+C+xhUa9urgOBPmNvM4jEwzGi1dDdDkgS:ClIUa9urgOkdGi1dJd

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    FRANSESCOi50Y3AuZXUubmdyb2suaW8Strik:MTgyNjA=

  • Mutex

    3c9c1181669ca28d9218c8feaefa24d5

Attributes

  • reg_key

    3c9c1181669ca28d9218c8feaefa24d5

  • splitter

    |'|'|

Targets

    • Target

      b8f8323ffe1e53ad1993f6f0fc91d38c.exe

    Score
    8/10
    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Modify Existing Service, T1031 (1)

  • Command and Control

    Web Service, T1102 (1)