Overview

overview

10

Static

static

10

Umbrella.flv.exe

windows7-x64

8

Umbrella.flv.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Umbrella.flv.exe

  • Size

    93KB

  • Sample

    231203-tcqjtscf57

  • MD5

    9c8cfc8027b21ff03525c1880ed347c1

  • SHA1

    3565ba9d14ab917ed66625a968bef184089e3c32

  • SHA256

    76231f72576c98527990b748706fd506d2fed084d12ebdc7b4e7952d1859e236

  • SHA512

    dbc67bc5c71bc69010db8fa4d94e574f6b804216236b77af35d0f493230d5049716ed28a25256790ecfec8b33c02ad7f6b57c664c35d1b7dec899495eb089aac

  • SSDEEP

    768:mHY3Oxqctib5nkPQW63m/HsqmGzh+IxvXnKN2tfKkXxrjEtCdnl2pi1Rz4Rk3+ir:ox3iFqHsJE4I15tTjEwzGi1dDPDbgS

Score
10/10
njrathackedevasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

/0.tcp.eu.ngrok.io:13000
Mutex

01d59f5df160e737b4f48d99a25a641a

Attributes
  • reg_key

    01d59f5df160e737b4f48d99a25a641a

  • splitter

    |'|'|

Targets

    • Target

      Umbrella.flv.exe

    • Size

      93KB

    • MD5

      9c8cfc8027b21ff03525c1880ed347c1

    • SHA1

      3565ba9d14ab917ed66625a968bef184089e3c32

    • SHA256

      76231f72576c98527990b748706fd506d2fed084d12ebdc7b4e7952d1859e236

    • SHA512

      dbc67bc5c71bc69010db8fa4d94e574f6b804216236b77af35d0f493230d5049716ed28a25256790ecfec8b33c02ad7f6b57c664c35d1b7dec899495eb089aac

    • SSDEEP

      768:mHY3Oxqctib5nkPQW63m/HsqmGzh+IxvXnKN2tfKkXxrjEtCdnl2pi1Rz4Rk3+ir:ox3iFqHsJE4I15tTjEwzGi1dDPDbgS

    Score
    8/10
    evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks