General

  • Target

    New Client.exe

  • Size

    167KB

  • Sample

    240621-t7hsgasamm

  • MD5

    c017d1590a20182b9c028bd430457ff2

  • SHA1

    c2b52c16527033b33b2df817f5b3ba9032e19b94

  • SHA256

    8c13863ad14033c2a65fee9e8f5411a842cbe4a9f1ac54f0e2b818773653e341

  • SHA512

    c3e9300c8b01fce85e555c2c3838deffb1c2fda335ceb2b51d040855e2b0ede4e41e1d97a406b1eba6b2f3ef4c0a5aef5c0588d77248bdf5aeafb0c7034412f9

  • SSDEEP

    3072:epeOfoN36tLQviFCu9Bn8pfWl9zoaF9b7YvM+UJ8T2SXZyrgoBJtbN/3MCK2kev0:ed79zKvMA/JdSI5eb

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

LOX

C2

127.0.0.1:17524

Mutex

Microsoft Edge

Attributes
  • reg_key

    Microsoft Edge

  • splitter

    |Ghost|

Targets

    • Target

      New Client.exe

    Score
    7/10

    • Drops startup file

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15