Overview

overview

10

Static

static

10

Server.exe

windows7-x64

8

Server.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    240916-lz9bfs1fja

  • MD5

    1bc7170bb503ec1dd8b63c6604781f58

  • SHA1

    400f928ff7d1b665e36b20d7353d28daf176c74d

  • SHA256

    f7306ad6f4594b82052edfb62a61379ed16219c39b6e5153f140b435ee6850a7

  • SHA512

    ee0d512c7be1171bf42181cdeb5ca5d8a54017332756d37b2d54a2ca4ca7d2fbef6a859c674ba437141fd7e38f4677aa9e48d0a3c392cbecd1ceaef17bcaec04

  • SSDEEP

    1536:kKjJD/HBZbszKu9AZpd7r1jEwzGi1dDED5gS:kKCzK4AZ3HCi1dy2

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

73.239.525.158:4545
Mutex

7966b724ed64884485cba395b9116702

Attributes
  • reg_key

    7966b724ed64884485cba395b9116702

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      1bc7170bb503ec1dd8b63c6604781f58

    • SHA1

      400f928ff7d1b665e36b20d7353d28daf176c74d

    • SHA256

      f7306ad6f4594b82052edfb62a61379ed16219c39b6e5153f140b435ee6850a7

    • SHA512

      ee0d512c7be1171bf42181cdeb5ca5d8a54017332756d37b2d54a2ca4ca7d2fbef6a859c674ba437141fd7e38f4677aa9e48d0a3c392cbecd1ceaef17bcaec04

    • SSDEEP

      1536:kKjJD/HBZbszKu9AZpd7r1jEwzGi1dDED5gS:kKCzK4AZ3HCi1dy2

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks