General

  • Target

    Server.exe

  • Size

    93KB

  • Sample

    250329-m5evga11fs

  • MD5

    be8230b1a5ba47dacb5b4d4f990f0da2

  • SHA1

    1c44f6422cdf7117c69ab172625eee8d8a561159

  • SHA256

    c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94

  • SHA512

    26176c2277701fc6b2dd568cb7e9448a83ebfb4f4394469e24ed44511870b3d57e1cd6b6bbe8a305f2bebb7c701330a5be2e37b1f35c19055f43f640c879e402

  • SSDEEP

    1536:NUwC+xhUa9urgOBPmNvMcjEwzGi1dDGDIgS:NUmUa9urgOkdCi1dYx

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

2.tcp.eu.ngrok.io:19281

Mutex

1611d7b8bf80b0aaf61e5b786e58a4b5

Attributes
  • reg_key

    1611d7b8bf80b0aaf61e5b786e58a4b5

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2
