Overview

overview

10

Static

static

10

Server.exe

windows7-x64

8

Server.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    241222-mr5hzavmct

  • MD5

    f6675a418b2c5a731eb55d098ff4811b

  • SHA1

    2644b64d63915e3fd4bfe24beb310a093d4f441d

  • SHA256

    58f5e810373d4099f4730d5d63ca9bcb9088caa3db3aaa1843fa39230db7abf3

  • SHA512

    d32e4962e6a85e5c9f025561d4a8401bc056e82842e792b3fc2c488692beac92b935d46c6be444ad708898595ab200e88f672bf5ea73ac0380d98c6f4f291bde

  • SSDEEP

    1536:PdwC+xhUa9urgOBPRNvM4jEwzGi1dD7D1gS:PdmUa9urgObdGi1drC

Score
10/10
njratfuckeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fucked

C2

hakim32.ddns.net:2000

fat-pads.gl.at.ply.gg:35059
Mutex

148a892b37f45e5773518d8932c75e38

Attributes
  • reg_key

    148a892b37f45e5773518d8932c75e38

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      f6675a418b2c5a731eb55d098ff4811b

    • SHA1

      2644b64d63915e3fd4bfe24beb310a093d4f441d

    • SHA256

      58f5e810373d4099f4730d5d63ca9bcb9088caa3db3aaa1843fa39230db7abf3

    • SHA512

      d32e4962e6a85e5c9f025561d4a8401bc056e82842e792b3fc2c488692beac92b935d46c6be444ad708898595ab200e88f672bf5ea73ac0380d98c6f4f291bde

    • SSDEEP

      1536:PdwC+xhUa9urgOBPRNvM4jEwzGi1dD7D1gS:PdmUa9urgObdGi1drC

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks