General
-
Target
Server.exe
-
Size
93KB
-
Sample
240630-x3hhpawflk
-
MD5
cea4f20992cffa364724e8b15c1673cf
-
SHA1
082e2f92180df46a35e177565158957ed8f3b0bd
-
SHA256
cb7076dd6a1a709809dec644f95d4b888bc09df369ad0cc767ee13cceb314370
-
SHA512
5ae2eef817e5cdeade5e0159bf52fbb32c6091e7b5d0d57721ed7605ffaf0efd017c738add55b45b975341e5c1d01a797fa6fec5205e8b5f315fa675408b151c
-
SSDEEP
768:kY30L4eZw0FBcp4uQwV/JMVBXFbF4qeXuOWN/XxrjEtCdnl2pi1Rz4Rk3AsGdp+3:gL40wmEQwVhMTcJLYjEwzGi1dDYD+gS
Behavioral task
behavioral1
Sample
Server.exe
Resource
win10-20240404-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
https://0bd1-2605-6440-2000-3002-f90b-8a6c-311d-ee13.ngrok-free.app.:8080
7e19fde512dbe42326e20391d7e09012
-
reg_key
7e19fde512dbe42326e20391d7e09012
-
splitter
|'|'|
Targets
-
-
Target
Server.exe
-
Size
93KB
-
MD5
cea4f20992cffa364724e8b15c1673cf
-
SHA1
082e2f92180df46a35e177565158957ed8f3b0bd
-
SHA256
cb7076dd6a1a709809dec644f95d4b888bc09df369ad0cc767ee13cceb314370
-
SHA512
5ae2eef817e5cdeade5e0159bf52fbb32c6091e7b5d0d57721ed7605ffaf0efd017c738add55b45b975341e5c1d01a797fa6fec5205e8b5f315fa675408b151c
-
SSDEEP
768:kY30L4eZw0FBcp4uQwV/JMVBXFbF4qeXuOWN/XxrjEtCdnl2pi1Rz4Rk3AsGdp+3:gL40wmEQwVhMTcJLYjEwzGi1dDYD+gS
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1