General

  • Target: dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
  • Size: 37KB
  • Sample: 240414-cp2desdc82
  • MD5: 861dd8f883d6823db2a0f4f3cdcf78df
  • SHA1: 3b5418016d9b935d19c1a985b92c5c338e5b4223
  • SHA256: dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
  • SHA512: 214ac7292b2d81699c3cb71cb38a1bdfa5c2a4351531d7afef5712ddd067be003ae1ec193f44360661ec1976b3a1a411a7480d982601389b5078f45d0456abb7
  • SSDEEP: 384:pi2KMizdVjnBhFbJ8ycPN/fnnwacprrAF+rMRTyN/0L+EcoinblneHQM3epzXiNL:Q2gVlLJfcPN/flcNrM+rMRa8Nukft

Score: 10/10

Malware Config (Extracted)

  • Family: njrat
  • Version: im523
  • Botnet: Bypassed
  • C2: 0.tcp.eu.ngrok.io:17231
  • Mutex: f9c28378d0a3ca2121afafc0011b6028
  • Attributes
    • reg_key: f9c28378d0a3ca2121afafc0011b6028
    • splitter: |'|'|

Targets

    • Target: dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
    • Size: 37KB
    • MD5: 861dd8f883d6823db2a0f4f3cdcf78df
    • SHA1: 3b5418016d9b935d19c1a985b92c5c338e5b4223
    • SHA256: dbb13d0d4e7b60052b0bac74928c67c31bbf59e106b832320dd30da03ba40a7e
    • SHA512: 214ac7292b2d81699c3cb71cb38a1bdfa5c2a4351531d7afef5712ddd067be003ae1ec193f44360661ec1976b3a1a411a7480d982601389b5078f45d0456abb7
    • SSDEEP: 384:pi2KMizdVjnBhFbJ8ycPN/fnnwacprrAF+rMRTyN/0L+EcoinblneHQM3epzXiNL:Q2gVlLJfcPN/flcNrM+rMRa8Nukft

    Score: 8/10
    • Modifies Windows Firewall
    • Drops startup file
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15