Resubmissions

02/02/2024, 16:49

240202-vb6p4aaga2 10

02/02/2024, 16:46

240202-vadmxschdj 10

General

  • Target

    8a06ddbe5bd6bb0e047a3025afec922c8424ede9fdc26b2874a902643f73192f

  • Size

    103KB

  • Sample

    240202-vadmxschdj

  • MD5

    c019c992ea8539b01b08acf9648d46af

  • SHA1

    fc77c99ce39a0b1dd39b906b218b1f3c1abc50ad

  • SHA256

    8a06ddbe5bd6bb0e047a3025afec922c8424ede9fdc26b2874a902643f73192f

  • SHA512

    1cbbb3a7fca1118d10437e3a092dae0fefec87c6bccc63ba1ad4ace363eaeaca909fb77a8e6e1ae76d31379a3c9684d89eb114e3f5e7502ec10df9f1f19324dd

  • SSDEEP

    768:7ZTJ95M+296qalGorM+rMRa8NuHJtltr9HZlJCznzySQ/:75J9OQqaIz+gRJNg7R5lkTzZQ

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

school 12

C2

after-coordinated.gl.at.ply.gg:56591

Mutex

9cab6cd2c9a56529a868b8bbbea50738

Attributes
  • reg_key

    9cab6cd2c9a56529a868b8bbbea50738

  • splitter

    |'|'|

Targets

    • Target

      8a06ddbe5bd6bb0e047a3025afec922c8424ede9fdc26b2874a902643f73192f

    Score
    8/10
    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application
