njrat | 4f26208a480c3c01ee313f6b8fa9f6e132ec02ab3e179600f0bb965f97cb610d | Triage

Sharing

General

Target

223fe0971e3093c48957b34f5f7e5d57.exe
Size

93KB
Sample

211213-va5fmsfabn
MD5

223fe0971e3093c48957b34f5f7e5d57
SHA1

1355cb6ddd9d1f6098cc48f683d154c46cd61a64
SHA256

4f26208a480c3c01ee313f6b8fa9f6e132ec02ab3e179600f0bb965f97cb610d
SHA512

ad00da9253642f35e5d8f9359cb00ed0d3557f09c1db333cdb3ac2d1b7c726ad0194363c8920cd959885087e7b8771742e2a3b907de5724f04eb15212787f850

Score

10^/10

njrat xmrig fileder evasion miner

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Fileder

C2

ODIuFRANSESCOjAyLjE2Ny4yFRANSESCOjkStrik:NTU1Mg==

Mutex

c4e37f67d0a340cd60341394ef726096

Attributes

reg_key
c4e37f67d0a340cd60341394ef726096
splitter
|'|'|

Targets

- Target
  
  223fe0971e3093c48957b34f5f7e5d57.exe
- Size
  
  93KB
- MD5
  
  223fe0971e3093c48957b34f5f7e5d57
- SHA1
  
  1355cb6ddd9d1f6098cc48f683d154c46cd61a64
- SHA256
  
  4f26208a480c3c01ee313f6b8fa9f6e132ec02ab3e179600f0bb965f97cb610d
- SHA512
  
  ad00da9253642f35e5d8f9359cb00ed0d3557f09c1db333cdb3ac2d1b7c726ad0194363c8920cd959885087e7b8771742e2a3b907de5724f04eb15212787f850
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2