General
-
Target
C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
-
Size
31KB
-
Sample
250331-tqqrrawlt6
-
MD5
4adad151f3c235616ce57238c32b4b34
-
SHA1
9d05a045e0ce402ff257d799921a9557a2569535
-
SHA256
c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f
-
SHA512
34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366
-
SSDEEP
768:RPwoqkZlH/azx1+ta+q3U97v8+QmIDUu0tiJYDj:s4qSp7QVkQSj
Malware Config
Extracted
njrat
0.7d
cheat
0.tcp.ngrok.io:11421
33aef9319e7f69a68e51dc4a67780130
-
reg_key
33aef9319e7f69a68e51dc4a67780130
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
-
Size
31KB
-
MD5
4adad151f3c235616ce57238c32b4b34
-
SHA1
9d05a045e0ce402ff257d799921a9557a2569535
-
SHA256
c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f
-
SHA512
34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366
-
SSDEEP
768:RPwoqkZlH/azx1+ta+q3U97v8+QmIDUu0tiJYDj:s4qSp7QVkQSj
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1