General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    240625-w22z9syakk

  • MD5

    3a380b504980c0d497260d511c9012cd

  • SHA1

    741e1192a937d53f6768b6479cdbcd26ddac98d2

  • SHA256

    774b1450a7cd45088e15567aa7156cc63647f9cec7ecb62679d80bc3c883d2e2

  • SHA512

    cc9c9f2d95d9f05e537a3e794e7ea919e99cf86d6dac033702e8afc12de76a9b2b04e7cfcbb3f6286246bc3b7aab53d65965f825540e925e57f5667075a3df64

  • SSDEEP

    1536:QC7QHRsXQQEtQnHRegjEwzGi1dDtDOgS:QCrXQQEtQnxexi1dJz

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

victim 1

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

1149345809ad9a0f71b63f9b8b345798

Attributes
  • reg_key

    1149345809ad9a0f71b63f9b8b345798

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Modifies Windows Firewall

    • Drops startup file

    • Drops file in System32 directory
