General
-
Target
Server.exe
-
Size
93KB
-
Sample
240627-vpyxeatcmn
-
MD5
572fc944cc5ef19f9669bf0132c98a93
-
SHA1
0a0fd5642ffffe9508c70809b859764c8996a30c
-
SHA256
ca5b63d40c1089aa689ab2f94536f8c5324eabead6c45d4638c95fd5b4fb5e52
-
SHA512
e1c845e5d781abf327242da0e32ca7cec480bf0913f2d4a21bf4750cd15454987c50b2fa56abb259dd483aa8fec00de64b90a66534f3942bdf5c2af3e601f144
-
SSDEEP
1536:OVpR8lZc+/2HVzvdzDGffvqjEwzGi1dDcHb/gS:OVpKc+/2HVzFzDGn7i1dWY
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
7.tcp.eu.ngrok.io:11619
1a03731b40a3b9b5d705cc71f522e1c3
-
reg_key
1a03731b40a3b9b5d705cc71f522e1c3
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Size
93KB
-
MD5
572fc944cc5ef19f9669bf0132c98a93
-
SHA1
0a0fd5642ffffe9508c70809b859764c8996a30c
-
SHA256
ca5b63d40c1089aa689ab2f94536f8c5324eabead6c45d4638c95fd5b4fb5e52
-
SHA512
e1c845e5d781abf327242da0e32ca7cec480bf0913f2d4a21bf4750cd15454987c50b2fa56abb259dd483aa8fec00de64b90a66534f3942bdf5c2af3e601f144
-
SSDEEP
1536:OVpR8lZc+/2HVzvdzDGffvqjEwzGi1dDcHb/gS:OVpKc+/2HVzFzDGn7i1dWY
Score8/10-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1