General

  • Target

    55d8e7afc8b28613ee7b43af4b3e1662377863946a393fbb8f56ee5bed3c1763.exe

  • Size

    37KB

  • Sample

    241011-bwqd3ayanf

  • MD5

    595a30b0b11b295a8b4231ff14a40875

  • SHA1

    6a8a4f574c64606362d82c622089f1ba9959284b

  • SHA256

    55d8e7afc8b28613ee7b43af4b3e1662377863946a393fbb8f56ee5bed3c1763

  • SHA512

    eb086f391b139d9bc8a1192385953a8cd385d89029a8d1da6d86a1287f215c77e53a252684bbaf2fbbb3789b917318f74d5301dc2108d56395f3444f02e656ab

  • SSDEEP

    384:qmOs0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQM+:0FdGdkrgYH7wWS9rM+rMRa8NutBt

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    0.tcp.eu.ngrok.io:14987

  • Mutex

    1045a4c11bcc3d0bfd480dd6030a8702

  • Attributes

    • reg_key

      1045a4c11bcc3d0bfd480dd6030a8702

    • splitter

      |'|'|

Targets

    • Target

      55d8e7afc8b28613ee7b43af4b3e1662377863946a393fbb8f56ee5bed3c1763.exe

    • Size

      37KB

    • MD5

      595a30b0b11b295a8b4231ff14a40875

    • SHA1

      6a8a4f574c64606362d82c622089f1ba9959284b

    • SHA256

      55d8e7afc8b28613ee7b43af4b3e1662377863946a393fbb8f56ee5bed3c1763

    • SHA512

      eb086f391b139d9bc8a1192385953a8cd385d89029a8d1da6d86a1287f215c77e53a252684bbaf2fbbb3789b917318f74d5301dc2108d56395f3444f02e656ab

    • SSDEEP

      384:qmOs0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQM+:0FdGdkrgYH7wWS9rM+rMRa8NutBt

    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks