General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    231202-xbsvcaeh65

  • MD5

    06b07ccea764969e99b0078f16b602d8

  • SHA1

    4d046fdee155d8a4004b9dbb8b57d19ab4fe1080

  • SHA256

    09231be6b350e58a5bf3eecad7d265827d1196f08a957a9d4e54f0740e775062

  • SHA512

    fb7dc5ad85045ab55fa2291be9dbcba2d576ef4b0f412352d6cc07ad1591cb07de1fcee7d1349fa9690c57b6f89cea44025b71501174b5c68da67935664167d6

  • SSDEEP

    768:9Y3repD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk36sGo:geLOx6baIa9RPj00ljEwzGi1dDWDCgS

Score
  10/10

Malware Config (extracted)

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000
    6.tcp.eu.ngrok.io:13003

  • Mutex

    39e457ed33ca4b59270cb29bb81aad59

Attributes
  • reg_key

    39e457ed33ca4b59270cb29bb81aad59

  • splitter

    |'|'|

Targets

    • Target

      Server.exe


    Score
    8/10
    • Modifies Windows Firewall

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
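As an added example (not code from the sandbox report or from njRAT itself), the Python below does two things a practitioner would want from the config extracted above: it parses njRAT-style wire messages using the recovered `|'|'|` splitter, rejecting frames whose length prefix does not match the body, and it turns the C2 hosts, mutex and reg_key into concrete host and network indicators, flagging the dynamic-DNS and ngrok hosts that the "legitimate hosting services abused" signature refers to. The sample message and its field order, the Run-key location, the netsh command pattern and the list of abused-service suffixes are assumptions based on publicly described njRAT behaviour, not values taken from this report.

```python
"""Added example: parse njRAT-style wire messages with the splitter from the
extracted config and derive hunting indicators from it.  Not code from the
sandbox report or from njRAT; see the assumptions marked below."""
from dataclasses import dataclass, field

# Values copied from the extracted config above.
SPLITTER = "|'|'|"
C2_HOSTS = ["hakim32.ddns.net:2000", "6.tcp.eu.ngrok.io:13003"]
REG_KEY = "39e457ed33ca4b59270cb29bb81aad59"  # the config reuses it as the mutex name

# Assumption: only the two providers seen in this report's C2 list; extend as needed.
TUNNEL_OR_DDNS_SUFFIXES = (".ngrok.io", ".ddns.net")


@dataclass
class NjMessage:
    command: str
    fields: list = field(default_factory=list)


def frame_message(parts, splitter=SPLITTER) -> bytes:
    """Build one njRAT-style frame: '<decimal length>\\x00<payload>', where the
    payload is the fields joined by the per-build splitter.  Used here only to
    construct sample traffic for the parser."""
    payload = splitter.join(parts).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_message(raw: bytes, splitter=SPLITTER) -> NjMessage:
    """Parse one frame and split the payload on the splitter.  Frames whose
    declared length disagrees with the payload are rejected rather than
    guessed at, which matters when carving messages out of a pcap."""
    length_str, sep, payload = raw.partition(b"\x00")
    if not sep or not length_str.isdigit():
        raise ValueError("missing or malformed length prefix")
    declared = int(length_str)
    if declared != len(payload):
        raise ValueError(f"length mismatch: header says {declared}, body is {len(payload)}")
    parts = payload.decode("utf-8", errors="replace").split(splitter)
    return NjMessage(command=parts[0], fields=parts[1:])


def is_valid_frame(raw: bytes) -> bool:
    """True if the frame parses cleanly (well-formed prefix, matching length)."""
    try:
        parse_message(raw)
        return True
    except ValueError:
        return False


def split_c2(entry: str):
    """'host:port' -> (host, int port); rpartition tolerates IPv6-style hosts."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def is_tunnel_or_ddns(host: str) -> bool:
    """Flag hosts on the abused tunnelling / dynamic-DNS services seen above."""
    return host.lower().endswith(TUNNEL_OR_DDNS_SUFFIXES)


def hunting_indicators(c2_hosts=C2_HOSTS, reg_key=REG_KEY) -> dict:
    """Turn the config into things to check on a host or in logs.
    Assumptions: njRAT persists as a value named after reg_key under the
    user's Run key and creates a mutex of the same name; the netsh pattern
    corresponds to the 'Modifies Windows Firewall' signature above."""
    hosts = [split_c2(h) for h in c2_hosts]
    return {
        "dns": sorted({h for h, _ in hosts}),
        "ports": sorted({p for _, p in hosts}),
        "abused_services": sorted({h for h, _ in hosts if is_tunnel_or_ddns(h)}),
        "run_key_path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "run_key_value": reg_key,
        "mutex": reg_key,
        "cmdline_regex": r"netsh\s+firewall\s+add\s+allowedprogram\b",
    }


if __name__ == "__main__":
    # Constructed sample: the field order is illustrative, not taken from the report.
    sample = frame_message(["ll", "HacKed_0123ABCD", "DESKTOP-TEST", "user", "Win 10", "No", "0.7d"])
    msg = parse_message(sample)
    print(msg.command, msg.fields)
    print(hunting_indicators())
```

The length check is deliberate: when carving njRAT traffic from a capture, a frame whose prefix disagrees with its body usually means a TCP segment boundary was hit, and silently splitting a partial payload on the splitter produces misleading "commands". The `cmdline_regex` is the process-creation pattern to hunt for; the Run-key value and mutex name come straight from the config's reg_key.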
