Overview

overview

10

Static

static

10

lol.exe

windows7-x64

7

lol.exe

windows7-x64

7

lol.exe

windows10-1703-x64

7

lol.exe

windows10-2004-x64

7

lol.exe

windows11-21h2-x64

7

Resubmissions

23-02-2024 15:00

240223-sdjx1ace7v 10

23-02-2024 14:44

240223-r4hbesbc58 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lol.exe

  • Size

    214KB

  • Sample

    240223-sdjx1ace7v

  • MD5

    bd367e4170e17df14b5a6a15cdfd79b0

  • SHA1

    206cb6b1336d890e2bb8f4f36cf27b9d78ca8b1a

  • SHA256

    1b0fb3b5cd0ff954ab04c5502d0be2270181da75cca92f84ab91e4142745ed56

  • SHA512

    c62163ea1be9652862112116200ca0153737b7af6b1439b820687c4bbaf52fb616c70bbd3ca55dfe3d24a178a99d831ef6819e685de5e838473b26ea6281b5f6

  • SSDEEP

    6144:DXP9zPvM92B+64kQ2EJam2dNREz9FdOZMJwGuE4QyZom8exsrPR5TE7D0XuDTTo6:DX5s2B+64kQHam2dNREz9FdOZMJwGuEu

Score
10/10
njrathackedpersistence

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:12607

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    |Ghost|

Targets

    • Target

      lol.exe

    • Size

      214KB

    • MD5

      bd367e4170e17df14b5a6a15cdfd79b0

    • SHA1

      206cb6b1336d890e2bb8f4f36cf27b9d78ca8b1a

    • SHA256

      1b0fb3b5cd0ff954ab04c5502d0be2270181da75cca92f84ab91e4142745ed56

    • SHA512

      c62163ea1be9652862112116200ca0153737b7af6b1439b820687c4bbaf52fb616c70bbd3ca55dfe3d24a178a99d831ef6819e685de5e838473b26ea6281b5f6

    • SSDEEP

      6144:DXP9zPvM92B+64kQ2EJam2dNREz9FdOZMJwGuE4QyZom8exsrPR5TE7D0XuDTTo6:DX5s2B+64kQHam2dNREz9FdOZMJwGuEu

    Score
    7/10
    persistence

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Enterprise v15

Tasks