Overview

overview

10

Static

static

10

398f2f9f7a...f2.exe

windows7-x64

8

398f2f9f7a...f2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    398f2f9f7a43f6805a946de7b19eb9c6882ffd6e4d38964c62a39b8d4fb6c9f2.exe

  • Size

    91KB

  • Sample

    250120-pvnezazjcv

  • MD5

    72c34dd10ceaa348570b64aba6b74729

  • SHA1

    931fdf0e15f22469ec60cda8873a7af3b5b8e09c

  • SHA256

    398f2f9f7a43f6805a946de7b19eb9c6882ffd6e4d38964c62a39b8d4fb6c9f2

  • SHA512

    7c153c0b885277fdc2843457d33b21a338604bacb88e964fa93e6b3f9f7329f3004e0e3d7c52d86252b6d75158fd97d57c5693836bdd16f23b47d89b2113bea8

  • SSDEEP

    1536:bDIbkWWWipj69MME0n2ZXkZEkqVR1MpSv5:3Inqj69MICaJqVR+SB

Score
10/10
njratdefense_evasiondiscoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Targets

    • Target

      398f2f9f7a43f6805a946de7b19eb9c6882ffd6e4d38964c62a39b8d4fb6c9f2.exe

    • Size

      91KB

    • MD5

      72c34dd10ceaa348570b64aba6b74729

    • SHA1

      931fdf0e15f22469ec60cda8873a7af3b5b8e09c

    • SHA256

      398f2f9f7a43f6805a946de7b19eb9c6882ffd6e4d38964c62a39b8d4fb6c9f2

    • SHA512

      7c153c0b885277fdc2843457d33b21a338604bacb88e964fa93e6b3f9f7329f3004e0e3d7c52d86252b6d75158fd97d57c5693836bdd16f23b47d89b2113bea8

    • SSDEEP

      1536:bDIbkWWWipj69MME0n2ZXkZEkqVR1MpSv5:3Inqj69MICaJqVR+SB

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationdefense_evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks