njrat | fb5cc233422dab904074e1777e28631912a88b3046a68e7a0963e1ac892ff259 | Triage

Sharing

General

Target

FB5CC233422DAB904074E1777E28631912A88B3046A68.exe
Size

43KB
Sample

211122-xcbbpabfh7
MD5

e4db9bf2d3ce9406e1339ed4119ac80e
SHA1

5351b8a10a515918cd0b7dd1e577ebbe48c531b2
SHA256

fb5cc233422dab904074e1777e28631912a88b3046a68e7a0963e1ac892ff259
SHA512

8bfc7b064d651aa76bf488f9b34e643aeb83d6e6f49b112106a6b90c71d210da8a9cae89f0484a5b5587e4b4801a44dc82464aa46ffd18ea7d8d37a6a2a6dce9

Score

10^/10

njrat hacked persistence

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.ngrok.io:16834

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  FB5CC233422DAB904074E1777E28631912A88B3046A68.exe
- Size
  
  43KB
- MD5
  
  e4db9bf2d3ce9406e1339ed4119ac80e
- SHA1
  
  5351b8a10a515918cd0b7dd1e577ebbe48c531b2
- SHA256
  
  fb5cc233422dab904074e1777e28631912a88b3046a68e7a0963e1ac892ff259
- SHA512
  
  8bfc7b064d651aa76bf488f9b34e643aeb83d6e6f49b112106a6b90c71d210da8a9cae89f0484a5b5587e4b4801a44dc82464aa46ffd18ea7d8d37a6a2a6dce9
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2