Overview

overview

10

Static

static

10

Server.exe

windows10-ltsc 2021-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    250114-3fm3jssrhz

  • MD5

    2c6c97a98e4d453076c54315d90d341b

  • SHA1

    7dcf69380c76921a17785c45632cff615a309e2b

  • SHA256

    cb9b090441ac40dc171302815bb209809656d47238f8a7ba29e97807d385700f

  • SHA512

    13b2360b78c8bb367b6d8ab98534d02615ba93bee3e39576dc51514b631f5518e9e8456acaa453ce8030902883ccfb60949d267da4de498d3b2132dc705c905c

  • SSDEEP

    768:MY3TVnD7O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3TsGx:fVvOx6baIa9RZj00ljEwzGi1dDfDVgS

Score
10/10
njrathackeddiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:9875
Mutex

bc259c119d8e97ce9b9d49b85dcd4a83

Attributes
  • reg_key

    bc259c119d8e97ce9b9d49b85dcd4a83

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      93KB

    • MD5

      2c6c97a98e4d453076c54315d90d341b

    • SHA1

      7dcf69380c76921a17785c45632cff615a309e2b

    • SHA256

      cb9b090441ac40dc171302815bb209809656d47238f8a7ba29e97807d385700f

    • SHA512

      13b2360b78c8bb367b6d8ab98534d02615ba93bee3e39576dc51514b631f5518e9e8456acaa453ce8030902883ccfb60949d267da4de498d3b2132dc705c905c

    • SSDEEP

      768:MY3TVnD7O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3TsGx:fVvOx6baIa9RZj00ljEwzGi1dDfDVgS

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks