Overview

overview

10

Static

static

10

c47b497c48...0N.exe

windows7-x64

8

c47b497c48...0N.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    c47b497c4854f1e9b09a2fde18969c80N.exe

  • Size

    37KB

  • Sample

    240715-mgb4ns1hjk

  • MD5

    c47b497c4854f1e9b09a2fde18969c80

  • SHA1

    7d25c6756fdde2356cf13abd420614a882dd200d

  • SHA256

    7ec07222068548074307b65a582e648e5b13c7f1b0e5ff4ea0f4dee6b038f8ab

  • SHA512

    f695dbbf92b9ac800f4fa10af4273a304b34224b936d78de145cb5f3a41fdc8aa23d6e27f32b61ef5ee8da808123b253f3266ca9e26b09ce70107da76883e565

  • SSDEEP

    384:1mOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3U:3FdGdkrgYRwWS9rM+rMRa8NuQ4t

Score
10/10
njrathackedevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11544

Mutex

d43e95276e870e26a94b1d76425cd55a

Attributes
  • reg_key

    d43e95276e870e26a94b1d76425cd55a

  • splitter

    |'|'|

Targets

    • Target

      c47b497c4854f1e9b09a2fde18969c80N.exe

    • Size

      37KB

    • MD5

      c47b497c4854f1e9b09a2fde18969c80

    • SHA1

      7d25c6756fdde2356cf13abd420614a882dd200d

    • SHA256

      7ec07222068548074307b65a582e648e5b13c7f1b0e5ff4ea0f4dee6b038f8ab

    • SHA512

      f695dbbf92b9ac800f4fa10af4273a304b34224b936d78de145cb5f3a41fdc8aa23d6e27f32b61ef5ee8da808123b253f3266ca9e26b09ce70107da76883e565

    • SSDEEP

      384:1mOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3U:3FdGdkrgYRwWS9rM+rMRa8NuQ4t

    Score
    8/10
    evasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks