General

  • Target: b701e3585e852755624bc4965e7af509.bin
  • Size: 16KB
  • Sample: 230608-b7ndvaba8x
  • MD5: 7a74efb97d0e3c7afd1f8b8d466d89a6
  • SHA1: 731eede7041b2ba656d2b0956e54f9bfd8b6e206
  • SHA256: b84f42800a534af7460f893bff73a5a8ef062c6db39908338250030534a2055e
  • SHA512: 847fa53b37c287b82a662f979737d1823e229d8754d4d33f05d034031a8d0b1c99dfe9f329c85ef78bacf5774d8c9e9597526399107173d532c8e1ccfa1444ca
  • SSDEEP: 384:trua3k3BkkhjqwkG7K/pJc8TCVxGxl3lvHUCyzmGb3U/xhy:taa5khj57K/j8slt0CY3U/ny

Score: 10/10

Malware Config (extracted)

  • Family: njrat
  • Version: im523
  • Botnet: HacKed
  • C2: 4.tcp.eu.ngrok.io:19554
  • Mutex: a3e3a48b4a1c3f8d4bc114e02152973f
  • Attributes
    • reg_key: a3e3a48b4a1c3f8d4bc114e02152973f
    • splitter: |'|'|

Targets

  • Target: e79459dc4c5898824dc2d32d24bcd0156e699fbdafb68ba6e5daa43cce5cbdda.exe
  • Size: 37KB
  • MD5: b701e3585e852755624bc4965e7af509
  • SHA1: 38f7bee5480c1f5d0b08d7d072c0980971a9eda9
  • SHA256: e79459dc4c5898824dc2d32d24bcd0156e699fbdafb68ba6e5daa43cce5cbdda
  • SHA512: 99c57bb8d95a1a5654ab962de3de516552ef6652cad0169ba54a79b9371986fea60171e5e8ef0ccd2f871c766f36c3cb9a19ddd6de464d871ec3262cb584ae95
  • SSDEEP: 384:IKwCT0i9rdTe/kCOyU7jcnZ8DfmTgrAF+rMRTyN/0L+EcoinblneHQM3epzXKNrW:h1J1CFU7jcC7m8rM+rMRa8NuYot
  • Score: 8/10
    • Modifies Windows Firewall
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Modify Existing Service (T1031), 1 hit
  • Command and Control: Web Service (T1102), 1 hit

Tasks