Overview

overview

10

Static

static

10

deb039689b...ae.exe

windows7-x64

8

deb039689b...ae.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    deb039689b209125bffddf764519690c66a9b0813c20d1e4f604591e5ac16cae

  • Size

    93KB

  • Sample

    240910-slznes1fjg

  • MD5

    069f7a73141c44ccaa24b601d88c3566

  • SHA1

    09a32b4d103e71c1f9bd89fd03212b91c1dd8ed5

  • SHA256

    deb039689b209125bffddf764519690c66a9b0813c20d1e4f604591e5ac16cae

  • SHA512

    318eb3af95f761c49bb8a62eb19827eff002e7341a4ea205c6f07e09c89047b94811a2353343842aa54fe284918c2131143c2aaa9ce54d16c39db4c4471c4945

  • SSDEEP

    1536:vCmC+xhUa9urgOB9RNvM4jEwzGi1dDADMgS:vCgUa9urgONdGi1dul

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

old-co.gl.at.ply.gg:37599
Mutex

ef2c921f9e4b3cf13d313d777a8d9c35

Attributes
  • reg_key

    ef2c921f9e4b3cf13d313d777a8d9c35

  • splitter

    |'|'|

Targets

    • Target

      deb039689b209125bffddf764519690c66a9b0813c20d1e4f604591e5ac16cae

    • Size

      93KB

    • MD5

      069f7a73141c44ccaa24b601d88c3566

    • SHA1

      09a32b4d103e71c1f9bd89fd03212b91c1dd8ed5

    • SHA256

      deb039689b209125bffddf764519690c66a9b0813c20d1e4f604591e5ac16cae

    • SHA512

      318eb3af95f761c49bb8a62eb19827eff002e7341a4ea205c6f07e09c89047b94811a2353343842aa54fe284918c2131143c2aaa9ce54d16c39db4c4471c4945

    • SSDEEP

      1536:vCmC+xhUa9urgOB9RNvM4jEwzGi1dDADMgS:vCgUa9urgONdGi1dul

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks