General
Target: Server.exe
Size: 93KB
Sample: 241216-nn9tysymez
MD5: 4106c643751ca405526c35082b61e21e
SHA1: a00c03ab8b002b561489b2ef981a23136523949d
SHA256: 6cd803552c3fccea87f24655af28a08bef2593590c6d418f8e6157c50a4f3938
SHA512: a780ed987ad64983c21a44a84285f1cd00d5e32449c85bdf1ffc7822424bec3c7bcf4823071268989a5a6f583d01e98a632a999eba0d8b613ffe8fc77419bbdb
SSDEEP: 1536:JcwC+xhUa9urgOBPmNvM4jEwzGi1dDUD+gS:JcmUa9urgOkdGi1d6j
Behavioral task: behavioral1
Sample: Server.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: Server.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
fucked
hakim32.ddns.net:2000
november-knife.gl.at.ply.gg:31521
b441dab2dad78af5af045a19f94e9c80
reg_key: b441dab2dad78af5af045a19f94e9c80
splitter: |'|'|
Targets
Target: Server.exe
Modifies Windows Firewall
Drops startup file
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1