Overview

overview

10

Static

static

10

Server.exe

windows10-ltsc 2021-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    241202-1cmw9stnaz

  • MD5

    defbb225dad13b3d1c3760fd13ef961c

  • SHA1

    3f3cf80093f4cee8dc83ada199fec3a25223fc82

  • SHA256

    c92d735b5bb92c2d66b35e02740992f307a3dabd0ecc6b6ae7630667c55f2c34

  • SHA512

    346f39dc6528783defc05fe539188f85661e921a5cf3669eb5f1fa78060ee8d4daaa1da70dc3bd854db2fea3ecf6b169cec7874bee7a81cfc43f097c35e2bb06

  • SSDEEP

    768:HY3odnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk37sGM:VdxOx6baIa9ROj00ljEwzGi1dDHDGgS

Score
10/10
njratfuckeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fucked

C2

hakim32.ddns.net:2000

127.0.0.1:6060
Mutex

5e95493f3fe58d9745fe5e529229f235

Attributes
  • reg_key

    5e95493f3fe58d9745fe5e529229f235

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      defbb225dad13b3d1c3760fd13ef961c

    • SHA1

      3f3cf80093f4cee8dc83ada199fec3a25223fc82

    • SHA256

      c92d735b5bb92c2d66b35e02740992f307a3dabd0ecc6b6ae7630667c55f2c34

    • SHA512

      346f39dc6528783defc05fe539188f85661e921a5cf3669eb5f1fa78060ee8d4daaa1da70dc3bd854db2fea3ecf6b169cec7874bee7a81cfc43f097c35e2bb06

    • SSDEEP

      768:HY3odnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk37sGM:VdxOx6baIa9ROj00ljEwzGi1dDHDGgS

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks