General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    240425-fjnf6afh3z

  • MD5

    2c48f31ed16473dc1d4d3de0471fb038

  • SHA1

    af93ea242ba05d585aea52d99eecc4be8966ae8e

  • SHA256

    31e7b37f5680b46ee4fab18f186469ae475ea76aecd7820d20d56e4d5db58a04

  • SHA512

    35dee546949f9cb0025f24796463294e2d62d8e55ad8db41eeb91e2601893ea7423044d5eed067f1c824eb0100bcde3c838c587ebc886d44bb1b09104598830e

  • SSDEEP

    384:hGNTgiG1CVZfursvO6yszop0n/eT3wSArAF+rMRTyN/0L+EcoinblneHQM3epzXv:ENh5Wpszop0mzw/rM+rMRa8Nuict

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

aboft7e.ddns.net:8080

Mutex

821d279469408d6fe1b46c282ee1cc19

Attributes
  • reg_key

    821d279469408d6fe1b46c282ee1cc19

  • splitter

    |'|'|

Targets

    • Target

      Server.exe


    Score
    8/10
    • Modifies Windows Firewall

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

      Create or Modify System Process, T1543 (1)
        Windows Service, T1543.003 (1)

  • Privilege Escalation

      Create or Modify System Process, T1543 (1)
        Windows Service, T1543.003 (1)

  • Defense Evasion

      Impair Defenses, T1562 (1)
        Disable or Modify System Firewall, T1562.004 (1)

  • Discovery

      Network Service Discovery, T1046 (1)
      Query Registry, T1012 (1)
      System Information Discovery, T1082 (1)
