General

  • Target: sarver.rar
  • Size: 16KB
  • Sample: 240424-wsavesef69
  • MD5: a2542eb45d7c4991d36c1e33b15cfa62
  • SHA1: 7494ec2ce175a27c05fddd90d703e0c848e87de2
  • SHA256: b2e2ad78c03f7dd9cb371858ad99ec131eab72ddbe37e4cc9c12e6c99d15707c
  • SHA512: 063d2e1e0fa34ac5e9a849ee19400e6852098c719d55102c5c99cfdcb06c354940a5d1bcd2e9285fc091a12c404c49dc90f296cb49e57a1bd39e7a0accad7caf
  • SSDEEP: 384:hbeYSo+0xDR7Vr69i5SiQm81My/+N5Op61iw3vgpJY0mwYwAthL8tfRCiW:hbeXoxFVr6k8iQfM5N5Op61iSkhm4Att

Score
10/10

Malware Config

Extracted

  • Family: njrat
  • Version: im523
  • Botnet: HacKed
  • C2: aboft7e.ddns.net:8080
  • Mutex: 821d279469408d6fe1b46c282ee1cc19
  • Attributes
      • reg_key: 821d279469408d6fe1b46c282ee1cc19
      • splitter: |'|'|

Targets

    • Target: sarver.rar
    • Size: 16KB
    • MD5: a2542eb45d7c4991d36c1e33b15cfa62
    • SHA1: 7494ec2ce175a27c05fddd90d703e0c848e87de2
    • SHA256: b2e2ad78c03f7dd9cb371858ad99ec131eab72ddbe37e4cc9c12e6c99d15707c
    • SHA512: 063d2e1e0fa34ac5e9a849ee19400e6852098c719d55102c5c99cfdcb06c354940a5d1bcd2e9285fc091a12c404c49dc90f296cb49e57a1bd39e7a0accad7caf
    • SSDEEP: 384:hbeYSo+0xDR7Vr69i5SiQm81My/+N5Op61iw3vgpJY0mwYwAthL8tfRCiW:hbeXoxFVr6k8iQfM5N5Op61iSkhm4Att

    Score: 3/10

    • Target: sarver/Server.exe
    • Size: 37KB
    • MD5: 2c48f31ed16473dc1d4d3de0471fb038
    • SHA1: af93ea242ba05d585aea52d99eecc4be8966ae8e
    • SHA256: 31e7b37f5680b46ee4fab18f186469ae475ea76aecd7820d20d56e4d5db58a04
    • SHA512: 35dee546949f9cb0025f24796463294e2d62d8e55ad8db41eeb91e2601893ea7423044d5eed067f1c824eb0100bcde3c838c587ebc886d44bb1b09104598830e
    • SSDEEP: 384:hGNTgiG1CVZfursvO6yszop0n/eT3wSArAF+rMRTyN/0L+EcoinblneHQM3epzXv:ENh5Wpszop0mzw/rM+rMRa8Nuict

    Score: 8/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • Create or Modify System Process (T1543): 1
      • Windows Service (T1543.003): 1

Privilege Escalation
  • Create or Modify System Process (T1543): 1
      • Windows Service (T1543.003): 1

Defense Evasion
  • Impair Defenses (T1562): 1
      • Disable or Modify System Firewall (T1562.004): 1

Discovery
  • System Information Discovery (T1082): 3
  • Query Registry (T1012): 3

Tasks