General
-
Target
NEAS.dab7cfa3c3900c6ad3353c73ba8e4303f34ccd889ff965be2a486ea333d63b67exe_JC.exe
-
Size
37KB
-
Sample
231103-w3tehsgc3z
-
MD5
bbe26fa1ddb25ca5340b37ba9dcf761e
-
SHA1
d67cab6c170ac3df308fe072c16ff177aca19797
-
SHA256
dab7cfa3c3900c6ad3353c73ba8e4303f34ccd889ff965be2a486ea333d63b67
-
SHA512
c43bf767f8049bf4a0b37bbcb207c232fac6328799cc959a49f941dbe0b91fd586ca081719cf34c453e58fb5c5842fba9d6ed3b438425a77323ebb411dbb539d
-
SSDEEP
384:b0SvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXs:gS7TZ38fvCv3E1c1rM+rMRa8NuD+t
Malware Config
Extracted
njrat
im523
death
0.tcp.eu.ngrok.io:11337
b6bdd5ec3f1a7b771f735d156cc0bc96
-
reg_key
b6bdd5ec3f1a7b771f735d156cc0bc96
-
splitter
|'|'|
Targets
-
-
Target
NEAS.dab7cfa3c3900c6ad3353c73ba8e4303f34ccd889ff965be2a486ea333d63b67exe_JC.exe
-
Size
37KB
-
MD5
bbe26fa1ddb25ca5340b37ba9dcf761e
-
SHA1
d67cab6c170ac3df308fe072c16ff177aca19797
-
SHA256
dab7cfa3c3900c6ad3353c73ba8e4303f34ccd889ff965be2a486ea333d63b67
-
SHA512
c43bf767f8049bf4a0b37bbcb207c232fac6328799cc959a49f941dbe0b91fd586ca081719cf34c453e58fb5c5842fba9d6ed3b438425a77323ebb411dbb539d
-
SSDEEP
384:b0SvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXs:gS7TZ38fvCv3E1c1rM+rMRa8NuD+t
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1