Overview

overview

10

Static

static

10

Server.exe

windows10-2004-x64

8

Server.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    241203-sxsz1swqcl

  • MD5

    997c314aa305bf6cf42f3d9a17fa18af

  • SHA1

    b1252e606043a1a37a84472f9ed715cab85ac3fb

  • SHA256

    e434889a91f948654d30f9333b334c7cbd9169ab8f5c8b72e445a105a3261d0d

  • SHA512

    55b7f1ae7bc640871c95ca516fcb84150fcbf9bc65260efdf5bda7167b04a2137e33a5710a94bb1c9fc0ca6cb741220e29295db1e89c46c6a9f1d98ef0966272

  • SSDEEP

    1536:2hkJGOdXj/u1ByN/49jEwzGi1dDaDhgS:2hkjj/u1B6gKi1dMe

Score
10/10
njratpidorasdiscoveryevasionpersistencephishingprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pidoras

C2

hakim32.ddns.net:2000

tool-seven.gl.at.ply.gg:52445
Mutex

0c1bd31a645a324de8434492bf606073

Attributes
  • reg_key

    0c1bd31a645a324de8434492bf606073

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      997c314aa305bf6cf42f3d9a17fa18af

    • SHA1

      b1252e606043a1a37a84472f9ed715cab85ac3fb

    • SHA256

      e434889a91f948654d30f9333b334c7cbd9169ab8f5c8b72e445a105a3261d0d

    • SHA512

      55b7f1ae7bc640871c95ca516fcb84150fcbf9bc65260efdf5bda7167b04a2137e33a5710a94bb1c9fc0ca6cb741220e29295db1e89c46c6a9f1d98ef0966272

    • SSDEEP

      1536:2hkJGOdXj/u1ByN/49jEwzGi1dDaDhgS:2hkjj/u1B6gKi1dMe

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationphishing

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Drops startup file

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks