General
-
Target
e43a7ad7f9b0b0aba1bccfa59a1fc261feae039a3d5ddb0d3fb659dad3020eb8
-
Size
16KB
-
Sample
240419-v8ktwsah73
-
MD5
b4cf2cc046b57654e7877de0c3d806af
-
SHA1
361d5a7f274a37f62999649c2fe4dd19c3467592
-
SHA256
e43a7ad7f9b0b0aba1bccfa59a1fc261feae039a3d5ddb0d3fb659dad3020eb8
-
SHA512
3925cd5eff817a31abd970ffebf9629ea16420392d5a117dafcd6e551978cf1c4d7ab3c31f325c6f9e6ee186804d3d0895e98cec9e3c503a1c7a5e6299ec4f18
-
SSDEEP
384:+LG8z5gP77IfW2JOUwZgReS9GhbV27YxNxYe1x5VaDAsTF:+a85E7I1JFGgReS9G5xPYe1vVaDA2
Behavioral task
behavioral1
Sample
780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:18335
8aa77e32fd8a52c53e1795fcb8a0a489
-
reg_key
8aa77e32fd8a52c53e1795fcb8a0a489
-
splitter
|'|'|
Targets
-
-
Target
780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846.exe
-
Size
37KB
-
MD5
2ddcfc73f56bceea535675df9f6d51e8
-
SHA1
566e007efa6ee44fd26cb86b31343caebb1b2e7e
-
SHA256
780fb69b0fe5c6bd10671e12e3fe12662999503e3a4d18c0c6d7b0b316661846
-
SHA512
de20a4b4212130acb2ac8366157e689e207d28839b0f762076e16b4c71ebb1711ff5b19bc0af5e9f2d95c19eb148bbcd78bf9b16fb8dd607e67590f9ff37b377
-
SSDEEP
384:UOSvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXi:FS7TZ38fvCv3E1c1rM+rMRa8Nu5+t
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1