Resubmissions

06-01-2025 12:05

250106-n9g13awla1 10

06-01-2025 12:05

250106-n9b5tawlax 10

06-01-2025 11:39

250106-nr99wsxqap 10

General

  • Target

    server.exe

  • Size

    93KB

  • Sample

    250106-n9g13awla1

  • MD5

    e4b99200fb42ee229fbb41f2cf56d8f8

  • SHA1

    edf6652f563fdc69788fb9c4e8b9499c412095fd

  • SHA256

    adae7b74db9b2c08abcc5f6b0165896726a36eb412e780710e242a97b12554f9

  • SHA512

    0a7f68fa37f55242e3d5e8b385a0eefdf971c5f196e20b34f931d339220e31a224769827129aab0444cdad4f7be78014dc9347749e90a6ec563074abe130dcb5

  • SSDEEP

    768:LY3oxnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3usG1:hxxOx6baIa9ROj00ljEwzGi1dDKDJgS

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

77.90.22.45:5552

Mutex

dc81ba2078dcc6e9b83f78a887be4629

Attributes
  • reg_key

    dc81ba2078dcc6e9b83f78a887be4629

  • splitter

    |'|'|

Targets

    • Target

      server.exe

    • Size

      93KB

    • Modifies Windows Firewall

    • Drops startup file

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks