General

  • Target

    c2fa3bf16efa680e4d94331cc3412460N

  • Size

    93KB

  • Sample

    240827-tyjneazend

  • MD5

    c2fa3bf16efa680e4d94331cc3412460

  • SHA1

    952e90052fad71f1aecc40d1190792ba949d9418

  • SHA256

    bb2e59f7decf5f2655fd2a37a90803195e3ecee363fd8103e0ea556f1f85a6fe

  • SHA512

    b3d176370240c2f7a8af545f4d7008486ede93674df737e4747c61f58a62403706b1ab41763ed294a6e9691b5c107e41b3333402912b661141603c5c9eee2a9c

  • SSDEEP

    768:ZY3bupD9O/pBcxYsbae6GIXb9pDX2b9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3wsGH:8uLOx6baIa9RIj00ljEwzGi1dDoDLgS

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed (the njRAT builder's default campaign name, so it does not by itself identify an operator)

C2

hakim32.ddns.net:2000

127.0.0.1:5552 (loopback; this is the njRAT builder's default host and port left in the stub, not a reachable C2, so only hakim32.ddns.net:2000 is an actionable network indicator)

Mutex

c25a44db353f01294d560923ec8374cb

Attributes
  • reg_key

    c25a44db353f01294d560923ec8374cb

  • splitter

    |'|'|
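The splitter, version, botnet and C2 values above are the pieces needed to make sense of this sample's traffic. The following added example (written for this page, not code from the sandbox or from njRAT) parses njRAT-style C2 frames using the extracted splitter, recovers the botnet name and version from a registration message, and separates the real C2 endpoint from the loopback builder default. The framing (`<decimal length>\x00<payload>`) is the documented njRAT convention; the registration field layout used by `identify_ll` and the byte stream in `SAMPLE_STREAM` are assumptions constructed for the example and should be checked against a real capture of this sample.

```python
import base64
from dataclasses import dataclass

# Values copied from the Malware Config section of the report.
SPLITTER = "|'|'|"
CONFIG = {
    "version": "0.7d",
    "botnet": "HacKed",
    "c2": ["hakim32.ddns.net:2000", "127.0.0.1:5552"],
}


@dataclass
class Frame:
    command: str   # first field, e.g. "ll" for the registration message
    fields: list   # remaining fields after splitting on SPLITTER


def parse_frames(stream: bytes):
    """Split a raw TCP byte stream into njRAT frames.

    njRAT frames every message as '<decimal length>\\x00<payload>', where the
    payload is a list of fields joined by the splitter.  Returns (frames,
    leftover): a trailing partial frame is handed back untouched so the caller
    can prepend it to the next recv() instead of losing it.
    """
    frames = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                                   # incomplete length prefix
        head = stream[pos:nul]
        if not head.isdigit():
            raise ValueError(f"bad length prefix at offset {pos}: {head!r}")
        start = nul + 1
        end = start + int(head)
        if end > len(stream):
            break                                   # incomplete payload
        parts = stream[start:end].decode("utf-8", errors="replace").split(SPLITTER)
        frames.append(Frame(parts[0], parts[1:]))
        pos = end
    return frames, stream[pos:]


def identify_ll(frame: Frame):
    """Pull botnet name and version out of a registration ("ll") frame.

    Assumed layout (verify against the sample): fields[0] is
    base64("<botnet>_<hwid>") and fields[7] is the version string.
    """
    if frame.command != "ll" or len(frame.fields) < 8:
        return None
    bot_id = base64.b64decode(frame.fields[0]).decode("utf-8", errors="replace")
    botnet, _, hwid = bot_id.partition("_")
    return {"botnet": botnet, "hwid": hwid, "version": frame.fields[7]}


def c2_endpoints(config=CONFIG):
    """Split the config's host:port strings; flag the loopback builder default."""
    out = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        out.append((host, int(port), host == "127.0.0.1"))
    return out


def _frame(*fields):
    """Build one njRAT frame from its fields (used only to construct sample data)."""
    payload = SPLITTER.join(fields).encode()
    return str(len(payload)).encode() + b"\x00" + payload


# Constructed sample stream (not a real capture): a registration frame, a
# keep-alive "P" frame, then a truncated frame to exercise the leftover path.
SAMPLE_STREAM = (
    _frame("ll", base64.b64encode(b"HacKed_2C4F1A7B").decode(), "DESKTOP-01",
           "user", "24-08-27", "", "Win 10 Pro SP0 x64", "No", "0.7d", "..", "notepad")
    + _frame("P")
    + b"12\x00ll|'|'"
)

if __name__ == "__main__":
    frames, leftover = parse_frames(SAMPLE_STREAM)
    for f in frames:
        print(f.command, f.fields)
    print("leftover:", leftover)
    print(identify_ll(frames[0]))
    print(c2_endpoints())
```

Feeding the parser a live pcap stream is a matter of concatenating the TCP payloads in order and carrying `leftover` between calls; a length prefix that is not ASCII digits means the stream is desynchronised or not njRAT at all, which is why that case raises instead of silently skipping bytes.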

Targets

    • Target

      c2fa3bf16efa680e4d94331cc3412460N

    • Hashes and size: identical to the sample listed under General (MD5 c2fa3bf16efa680e4d94331cc3412460)

    • Modifies Windows Firewall

      The sample changes the host firewall configuration; for a RAT this is normally an exception allowing its own executable inbound connections. Any netsh firewall/advfirewall command line or firewall registry change made by the sample is worth pulling from the full report.

    • Drops startup file

      A file is written to a Startup folder so the implant is launched again at logon; the dropped path is a persistence indicator to check on affected hosts.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread to other machines via removable or mapped volumes. Since Windows 7 (and KB971029 on earlier versions) AutoRun for non-optical removable media is disabled by default, so an autorun.inf alone will not execute the payload on a patched host; the dropped file still indicates worm-like intent and should be removed from any media that touched the infected machine.
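The three behaviour signatures above are the kind of thing a detection engineer turns into host-level checks. The following added example (written for this page; it is not the sandbox's own signature logic) runs the three checks over a small set of constructed process-creation and file-write events. The event dictionary shape, the `netsh` command line and the paths in `SAMPLE_EVENTS` are assumptions made up for the example, not artefacts taken from this sample's report.

```python
import re
from pathlib import PureWindowsPath

# Signature names exactly as the report lists them.
FIREWALL = "Modifies Windows Firewall"
STARTUP = "Drops startup file"
AUTORUN = "Drops autorun.inf file"

# netsh firewall/advfirewall invocations that add or change a rule.
FIREWALL_CMD = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:firewall|advfirewall)\b.*\b(?:add|set)\b", re.I)

# Suffix shared by the per-user and all-users Startup folders.
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"


def classify(evt):
    """Return the signature an event triggers, or None.

    Assumed event shape: {"type": "process", "cmdline": str} or
    {"type": "file_write", "path": str}.
    """
    if evt["type"] == "process":
        return FIREWALL if FIREWALL_CMD.search(evt["cmdline"]) else None
    if evt["type"] == "file_write":
        path = PureWindowsPath(evt["path"])
        if STARTUP_DIR in str(path).lower():
            return STARTUP
        # autorun.inf is only honoured at the root of a volume, so a copy
        # elsewhere is not a spreading attempt.
        if path.name.lower() == "autorun.inf" and path.parent == PureWindowsPath(path.anchor):
            return AUTORUN
    return None


def scan(events):
    """Map each fired signature to the indices of the events that fired it."""
    hits = {}
    for i, evt in enumerate(events):
        sig = classify(evt)
        if sig:
            hits.setdefault(sig, []).append(i)
    return hits


# Constructed events (not from the report): three that should fire one
# signature each and two near-misses that should not.
SAMPLE_EVENTS = [
    {"type": "process",
     "cmdline": 'netsh firewall add allowedprogram "C:\\Users\\user\\AppData\\Roaming\\server.exe" "server.exe" ENABLE'},
    {"type": "file_write",
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe"},
    {"type": "file_write", "path": r"E:\autorun.inf"},
    {"type": "file_write", "path": r"C:\Users\user\Documents\autorun.inf"},  # not at a volume root
    {"type": "process", "cmdline": "netsh interface show interface"},        # netsh, but no firewall change
]

if __name__ == "__main__":
    for sig, idx in scan(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

The volume-root test on autorun.inf and the requirement for an add/set verb in the netsh command are what keep the checks from firing on benign activity; both are the first places to look when tuning these against real endpoint telemetry.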

MITRE ATT&CK Enterprise v15
