Overview

overview

10

Static

static

10

0a7c2d89b2...50.exe

windows7-x64

8

0a7c2d89b2...50.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27453feb82a576d638daea7fe9332780.bin

  • Size

    16KB

  • Sample

    240702-bg4yxa1ckh

  • MD5

    47b22d95d4e393000a7f5b52a20bd099

  • SHA1

    9e11e4aa247fb985e5db39cf962c1ed78e25568e

  • SHA256

    cd50720713e401ed7c87770da63d9c3f6ebeb8a43bc6b5dd5ce8913c77da6cd8

  • SHA512

    88ddfac1841db4f15773cfae29b69d5b2630dce1963a0b5fcff9156f8c74ff6c5f68c5e76454d5a651067c300806aea6a89fc7ab465e49df2793ef302298de6b

  • SSDEEP

    384:KCeTcyGouP8tbF6zLdhaZByyjbpcrHCjdCAsDw:beTcyppZ8LTarXyTiww

Score
10/10
njrathackedevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:19060

Mutex

e7eb820c0a4c74a5a3c4cbec9272f9f5

Attributes
  • reg_key

    e7eb820c0a4c74a5a3c4cbec9272f9f5

  • splitter

    |'|'|

Targets

    • Target

      0a7c2d89b2846fefa40c4afc51d690e69cd41c02e79b9eae82298b6e7cb8e750.exe

    • Size

      37KB

    • MD5

      27453feb82a576d638daea7fe9332780

    • SHA1

      d20579a0f03edf8d69b4fde7235562085cd5a4e8

    • SHA256

      0a7c2d89b2846fefa40c4afc51d690e69cd41c02e79b9eae82298b6e7cb8e750

    • SHA512

      709a48cddc6035471fa309e91abbc435933babb4d5efcc8a65756a362b38c43eb61c3892aab9862220e069ddc409528a1951f3d26d247209f4b6cdfacb24a801

    • SSDEEP

      384:pmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3j:7FdGdkrgYRwWS9rM+rMRa8Nuvwt

    Score
    8/10
    evasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks