Overview

overview

10

Static

static

10

AimWare Cr...re.exe

windows7-x64

8

AimWare Cr...re.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AimWareCrack.rar

  • Size

    31KB

  • Sample

    240919-ezt37s1djk

  • MD5

    cd31fccb36a5e08d4c0e0455263bdce8

  • SHA1

    467184e14024b9ed8f2e4118a34f0cc9fa22ccdb

  • SHA256

    fea34176704339dadce1e7592bd2b1594d22fbf0d574f61517d590bfc0276595

  • SHA512

    06f2e42274f3d8390e4ffe59a879a2f195e7d5ae4676b93ffd65eb5655b5fe7bfe938c8123938c244861c9deea7e667e618288e055a1349d6afe3381ab7d7419

  • SSDEEP

    768:KPuTpQrPMiPF33c9x+SGQlxyu5nSYchyf0ZFjd:KPulQr0uF34+OnhnSYz6Fx

Score
10/10
njrataimwarediscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

AimWare

C2

hakim32.ddns.net:2000

127.0.0.1:5552
Mutex

879a49ac7651a7ba7626e2acae177521

Attributes
  • reg_key

    879a49ac7651a7ba7626e2acae177521

  • splitter

    |'|'|

Targets

    • Target

      AimWare Crack/AimWare.exe

    • Size

      93KB

    • MD5

      abc13201f23ec06c8ed617e503569aa5

    • SHA1

      22e03e82b23939e67fd76452d36d93910f8f9bb4

    • SHA256

      775ad89dc1d9f9d79706b57676912fa01d018038e7f2d2923ccddf3f5b954bc1

    • SHA512

      ae76fea38c87ae2d0a97fe9db654c72f8102da63fc396a6ebdaa95773ffe7189629d75e4426e389611b1dcb53c3de9c19d4b9b64acc305d3fbdc8f3b4f476bb5

    • SSDEEP

      768:eY3EUfhWXxyFcxovUKUJuROprXtWNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3DsGdp2gM:uU5WhIUKcuOJ2PhBjEwzGi1dDvD2gS

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks