Overview

overview

10

Static

static

10

25a598f19f...70.exe

windows7-x64

8

25a598f19f...70.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25a598f19fc93ed7abd222c542270070.exe

  • Size

    91KB

  • Sample

    241125-t38hbswkcs

  • MD5

    25a598f19fc93ed7abd222c542270070

  • SHA1

    81e6b383f7200927d12ec89ea471ac72657d2e6a

  • SHA256

    791ddabc0fe9675f1de59e055ffd6a292be34144d9f02803311eb9fb3dcc44ea

  • SHA512

    b58faccefffdbe44f5725080c0442e827a7aae7fcca5763c065d4163d0aa78744643701d1f28ec0412957945297dd11c08a46e42b30d190df2adbf58ba70661f

  • SSDEEP

    768:EGZel/M+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ZW:Ol/l0pUjBjZdL4kHG5mktQJVR1Ap8v

Score
10/10
njratdiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Targets

    • Target

      25a598f19fc93ed7abd222c542270070.exe

    • Size

      91KB

    • MD5

      25a598f19fc93ed7abd222c542270070

    • SHA1

      81e6b383f7200927d12ec89ea471ac72657d2e6a

    • SHA256

      791ddabc0fe9675f1de59e055ffd6a292be34144d9f02803311eb9fb3dcc44ea

    • SHA512

      b58faccefffdbe44f5725080c0442e827a7aae7fcca5763c065d4163d0aa78744643701d1f28ec0412957945297dd11c08a46e42b30d190df2adbf58ba70661f

    • SSDEEP

      768:EGZel/M+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ZW:Ol/l0pUjBjZdL4kHG5mktQJVR1Ap8v

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks