Overview

overview

10

Static

static

3

8e2a38c6cc...78.exe

windows7-x64

10

8e2a38c6cc...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e2a38c6cccf6fbb76bdb2a1726ed878.exe

  • Size

    110KB

  • MD5

    8e2a38c6cccf6fbb76bdb2a1726ed878

  • SHA1

    b69e5d43aa0502c27ff7c6e860c31515af52ff7b

  • SHA256

    5e8ce92857793e8893c63bc4d032dabf6b1ab7458b0e4485e0feefed397cf205

  • SHA512

    cf6d69cf1795e1e1b096683a5acd4f3c7053dd9fe77f35c5f5dea16e5948e36680275616ebb3d327e2360e848b6c9548e1b04070a0b4dab51b0261f63b5f4377

  • SSDEEP

    3072:skjgSGGOZ1NDkBLru6HqdAGc/dw/J+jm:LgSyktrV/dQ

Score
10/10
njrat4evasiontrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

4

C2

rlawlsl154.codns.com:443

Mutex

a695e871b7f2f081334e678e67df6a28

Attributes
  • reg_key

    a695e871b7f2f081334e678e67df6a28

  • splitter

    |'|'|

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e2a38c6cccf6fbb76bdb2a1726ed878.exe
    "C:\Users\Admin\AppData\Local\Temp\8e2a38c6cccf6fbb76bdb2a1726ed878.exe"
    1⤵
      PID:3392
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\8e2a38c6cccf6fbb76bdb2a1726ed878.exe" "8e2a38c6cccf6fbb76bdb2a1726ed878.exe" ENABLE
        2⤵
        • Modifies Windows Firewall
        PID:3364

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3392-1-0x0000000074EF0000-0x00000000756A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3392-2-0x00000000053D0000-0x000000000546C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/3392-0-0x0000000000A10000-0x0000000000A32000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3392-3-0x0000000002D30000-0x0000000002D40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3392-4-0x0000000005A90000-0x0000000006034000-memory.dmp

      Filesize

      5.6MB

      Download