General

  • Target

    e43a7ad7f9b0b0aba1bccfa59a1fc261feae039a3d5ddb0d3fb659dad3020eb8

  • Size

    16KB

  • Sample

    240419-v8ktwsah73

  • MD5

    b4cf2cc046b57654e7877de0c3d806af

  • SHA1

    361d5a7f274a37f62999649c2fe4dd19c3467592

  • SHA256

    e43a7ad7f9b0b0aba1bccfa59a1fc261feae039a3d5ddb0d3fb659dad3020eb8

  • SHA512

    3925cd5eff817a31abd970ffebf9629ea16420392d5a117dafcd6e551978cf1c4d7ab3c31f325c6f9e6ee186804d3d0895e98cec9e3c503a1c7a5e6299ec4f18

  • SSDEEP

    384:+LG8z5gP77IfW2JOUwZgReS9GhbV27YxNxYe1x5VaDAsTF:+a85E7I1JFGgReS9G5xPYe1vVaDA2

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    0.tcp.eu.ngrok.io:18335

  • Mutex

    8aa77e32fd8a52c53e1795fcb8a0a489

Attributes

  • reg_key

    8aa77e32fd8a52c53e1795fcb8a0a489

  • splitter

    |'|'|

Targets

  • Target

    780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846.exe

  • Size

    37KB

  • MD5

    2ddcfc73f56bceea535675df9f6d51e8

  • SHA1

    566e007efa6ee44fd26cb86b31343caebb1b2e7e

  • SHA256

    780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846

  • SHA512

    de20a4b4212130acb2ac8366157e689e207d28839b0f762076e16b4c71ebb1711ff5b19bc0af5e9f2d95c19eb148bbcd78bf9b16fb8dd607e67590f9ff37b377

  • SSDEEP

    384:UOSvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXi:FS7TZ38fvCv3E1c1rM+rMRa8Nu5+t

  • Score

    8/10

  • Modifies Windows Firewall

  • Drops startup file

  • Adds Run key to start application

  • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                               Count  ID
  --------------------  --------------------------------------  -----  ---------
  Persistence           Create or Modify System Process         1      T1543
  Persistence           Windows Service                         1      T1543.003
  Persistence           Boot or Logon Autostart Execution       1      T1547
  Persistence           Registry Run Keys / Startup Folder      1      T1547.001
  Privilege Escalation  Create or Modify System Process         1      T1543
  Privilege Escalation  Windows Service                         1      T1543.003
  Privilege Escalation  Boot or Logon Autostart Execution       1      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder      1      T1547.001
  Defense Evasion       Impair Defenses                         1      T1562
  Defense Evasion       Disable or Modify System Firewall       1      T1562.004
  Defense Evasion       Modify Registry                         1      T1112
  Command and Control   Web Service                             1      T1102

Tasks