Resubmissions

25-02-2024 04:58

240225-flvy1scg6z 10

23-02-2024 22:16

240223-165zyaab42 10

23-02-2024 14:27

240223-rsk8yaba65 10

General

  • Target

    NOT A VIRUS.exe

  • Size

    214KB

  • Sample

    240223-rsk8yaba65

  • MD5

    e431cae2c2e7c1d50e2264102d898310

  • SHA1

    7eae6955815fda22dd9ed02302d5f0ca4596854f

  • SHA256

    ff86000c39c061650d004894837d8f618d0724ce3b2a2ef24072c784b2ceb67f

  • SHA512

    74be155fefe642006b7df93aeef53ba34cb950d6172d40782de768ef7437061491b63e7950ef1038d8dbec70e60fa900ce212fd804fb9cb555f337176d99cb1c

  • SSDEEP

    6144:4hQ9z8vM92B+64kQ2EJam2dNREz9FdOZMJwGuE4QyZom8exsrPR5TE7D0XuDTTo6:4hDs2B+64kQHam2dNREz9FdOZMJwGuEu

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:12607

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    |Ghost|

Targets

    • Target

      NOT A VIRUS.exe


    Score
    7/10
    • Drops startup file

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2
