General
Target: RuntimeBroker.exe
Size: 93KB
Sample: 250325-yqw1zs1yft
MD5: 3785497fd4339e24258e3bd47b933c34
SHA1: 8974341d2328f6561075ee16f4139fbfabdeb0f2
SHA256: 39b7d36f78ad70c878581c1052fc6c1e0aab18312c9d8e229d9041494784f4b2
SHA512: 17e0f9b78e9c8127109a396da564d589d89442f8dd268e11cc9317dad11eb80f345cde7568f6aea760c70b6f18ca08dc3df176b502ba0646e5c04b2936eee049
SSDEEP: 1536:SUt8mGnrQr1EjOoYdsjEwzGi1dDtDagS:SUmnrQr1qr2i1dZf
Behavioral task: behavioral1
Sample: RuntimeBroker.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: RuntimeBroker.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted
njrat
0.7d
RuntimeBroker.exe
hakim32.ddns.net:2000
morning-ultimately.gl.at.ply.gg:14531
a7508ccd4c60e6eaa0eb204481c3a0be
reg_key: a7508ccd4c60e6eaa0eb204481c3a0be
splitter: |'|'|
Targets
Target: RuntimeBroker.exe
Modifies Windows Firewall
Drops startup file
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1