General

  • Target

    26c02313299a6a4866396af8fc1c4133.exe

  • Size

    37KB

  • Sample

    240227-qag8wsaa4x

  • MD5

    26c02313299a6a4866396af8fc1c4133

  • SHA1

    8fa90258c90058b9a03fd7cc29160182295fda33

  • SHA256

    f7c3bed0ae375fc2b1e1e113ef82dc523f592f15b28f66737792086f88585e98

  • SHA512

    425350e1a322b4e72f3bdd20185f5cd0818162cdcc50bdc9f38fa1d2b4844f481431f99a104c111e5e3df747576b9929d87bf34b47b1d25f5cd24469ba96403f

  • SSDEEP

    384:ymOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3K:cFdGdkrgYRwWS9rM+rMRa8NuN5t

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:12780

Mutex

459b5b94cb00459c0ce699313ec85b5f

Attributes
  • reg_key

    459b5b94cb00459c0ce699313ec85b5f

  • splitter

    |'|'|

Targets

    • Target

      26c02313299a6a4866396af8fc1c4133.exe

    Score
    8/10
    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2
