General

  • Target

    6762f26d36066dd8b6cd180b69f3f117fcb1b314ee4d92cc2c7fa3ac91b934ae.exe

  • Size

    91KB

  • Sample

    241127-dgjdbazpgp

  • MD5

    3da8e3ebbbc68f62e3df9dc5c0b9cdb0

  • SHA1

    689b19d918d4138faa4507eb8227c504d438549a

  • SHA256

    6762f26d36066dd8b6cd180b69f3f117fcb1b314ee4d92cc2c7fa3ac91b934ae

  • SHA512

    a925651d935526717760bfa2b18e9ec66528b4b188f8ebb79bf529b57caf8e1f561034828ac42973a9a81a6304bb11d3faf600776b9c48029651dbca1821c62c

  • SSDEEP

    768:EGZel/M+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4Zw:Ol/l0pUjBjZdL4kHG5mktQJVR1Ap8vJ

Malware Config

  • Extracted

  • Family

    njrat

  • C2

    hakim32.ddns.net:2000

Targets

    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks