Overview

overview

10

Static

static

10

Server.exe

windows7-x64

8

Server.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    241202-vhdmwssrhv

  • MD5

    bb3fb4c6cf26e4c493e408d0edb5e829

  • SHA1

    88da923e8d993a87b8d8970b54f774b47e2b1dc1

  • SHA256

    c52b9ffe033d174b2f93b44280c637e8fed9ec36cbf0a391c72a4e421830c6eb

  • SHA512

    4d911914d49355b0ebe006b686dd6075b3ba1aa3aeb6425846cd5203d94683f33cbe44cadf909cd68577e404d628e0bfca6fa33b31dc2f668b5673d6446128c7

  • SSDEEP

    1536:MO9r7EkrjaFIs7E5OxFJn8LjEwzGi1dD/DKgS:MOhjau5OfVni1dXP

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

cnet-contracting.gl.at.ply.gg:10206
Mutex

f660f38bbe0ae15ea88c354f03adbfdc

Attributes
  • reg_key

    f660f38bbe0ae15ea88c354f03adbfdc

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      bb3fb4c6cf26e4c493e408d0edb5e829

    • SHA1

      88da923e8d993a87b8d8970b54f774b47e2b1dc1

    • SHA256

      c52b9ffe033d174b2f93b44280c637e8fed9ec36cbf0a391c72a4e421830c6eb

    • SHA512

      4d911914d49355b0ebe006b686dd6075b3ba1aa3aeb6425846cd5203d94683f33cbe44cadf909cd68577e404d628e0bfca6fa33b31dc2f668b5673d6446128c7

    • SSDEEP

      1536:MO9r7EkrjaFIs7E5OxFJn8LjEwzGi1dD/DKgS:MOhjau5OfVni1dXP

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks