General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    241216-nn9tysymez

  • MD5

    4106c643751ca405526c35082b61e21e

  • SHA1

    a00c03ab8b002b561489b2ef981a23136523949d

  • SHA256

    6cd803552c3fccea87f24655af28a08bef2593590c6d418f8e6157c50a4f3938

  • SHA512

    a780ed987ad64983c21a44a84285f1cd00d5e32449c85bdf1ffc7822424bec3c7bcf4823071268989a5a6f583d01e98a632a999eba0d8b613ffe8fc77419bbdb

  • SSDEEP

    1536:JcwC+xhUa9urgOBPmNvM4jEwzGi1dDUD+gS:JcmUa9urgOkdGi1d6j

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fucked

C2

hakim32.ddns.net:2000

november-knife.gl.at.ply.gg:31521

Mutex

b441dab2dad78af5af045a19f94e9c80

Attributes
  • reg_key

    b441dab2dad78af5af045a19f94e9c80

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      4106c643751ca405526c35082b61e21e

    • SHA1

      a00c03ab8b002b561489b2ef981a23136523949d

    • SHA256

      6cd803552c3fccea87f24655af28a08bef2593590c6d418f8e6157c50a4f3938

    • SHA512

      a780ed987ad64983c21a44a84285f1cd00d5e32449c85bdf1ffc7822424bec3c7bcf4823071268989a5a6f583d01e98a632a999eba0d8b613ffe8fc77419bbdb

    • SSDEEP

      1536:JcwC+xhUa9urgOBPmNvM4jEwzGi1dDUD+gS:JcmUa9urgOkdGi1d6j

    • Modifies Windows Firewall

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks