General

  • Target

    EMANNN.exe

  • Size

    55KB

  • Sample

    241009-wy724svhjh

  • MD5

    6bc49cb82d9f92f4a70cf4c84265c26f

  • SHA1

    87f69c48c84f9a701b6800762c69c95dfd181273

  • SHA256

    925364c585429e6ae064c4db9c7bf30db036debed7b1f403efc60ea6990da4bf

  • SHA512

    3d1f055ec378e244c239debc9832bbd6f56a1b3cb27fa009380a728e769ad870272d90cc940d269a3f985c333380b43eedb4c5d1fbe8be57bd67749bc9419d0c

  • SSDEEP

    1536:k+mIDn/NOryWhI0DtwsNMDmXExI3pmjm:SIDnE+v0DtwsNMDmXExI3pm

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

VeletRobox

C2

maps-having.gl.at.ply.gg:52531

Mutex

f53a2de487461812859f1781af27b20d

Attributes
  • reg_key

    f53a2de487461812859f1781af27b20d

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      EMANNN.exe

    • Size

      55KB

    • Deletes itself

    • Drops startup file

    • Adds Run key to start application
