Overview

overview

10

Static

static

10

Server.exe

windows7-x64

8

Server.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    36KB

  • Sample

    230607-gksypshe8w

  • MD5

    da332c85afedb0fb2fcde8b4076b925c

  • SHA1

    c938c87d5d805e7be993f896a4df857debb3a1a7

  • SHA256

    fbb05c261096220dff4705d9ef5ffa9edf1ceaf06bbe13a5a6a0fd32b805b4c1

  • SHA512

    517100f04cdae13ade4a2fc973e08a040637ae0e43117a423d73ce3f58ca6e7f3d1965717b1622feee74ae7fc496537ffbcf87f76582065c4f4ed285a035ff3c

  • SSDEEP

    384:pmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3a:7FdGdkrgYRwWS9rM+rMRa8NuBht

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:13720

Mutex

8e881e27f729ddc051903511c998ac73

Attributes
  • reg_key

    8e881e27f729ddc051903511c998ac73

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      36KB

    • MD5

      da332c85afedb0fb2fcde8b4076b925c

    • SHA1

      c938c87d5d805e7be993f896a4df857debb3a1a7

    • SHA256

      fbb05c261096220dff4705d9ef5ffa9edf1ceaf06bbe13a5a6a0fd32b805b4c1

    • SHA512

      517100f04cdae13ade4a2fc973e08a040637ae0e43117a423d73ce3f58ca6e7f3d1965717b1622feee74ae7fc496537ffbcf87f76582065c4f4ed285a035ff3c

    • SSDEEP

      384:pmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3a:7FdGdkrgYRwWS9rM+rMRa8NuBht

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks