njrat | 2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba | Triage

Sharing

General

Target

2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
Size

93KB
Sample

211219-r6559shchn
MD5

4b8c4cfc220a9a8c79b1e10712fe3f1b
SHA1

9a5c1db0c51cfd2a78b67f0fc69e76ebb846a6ed
SHA256

2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
SHA512

1116c3b4a3f090afbd4e89571fefb8560b08df8fb9dce2bf940e27d298b95cb6f91ba1c45735abe238c2d0133053e37a873ad6d6b93ba71380f7cb4e74b0a522

Score

10^/10

njrat fileder evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Fileder

C2

FRANSESCOTkyLjE2OC4xLjE0OAStrikStrik:MjMwOQ==

Mutex

7e7f38a6aedc714cc5ab87150973b7de

Attributes

reg_key
7e7f38a6aedc714cc5ab87150973b7de
splitter
|'|'|

Targets

- Target
  
  2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
- Size
  
  93KB
- MD5
  
  4b8c4cfc220a9a8c79b1e10712fe3f1b
- SHA1
  
  9a5c1db0c51cfd2a78b67f0fc69e76ebb846a6ed
- SHA256
  
  2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
- SHA512
  
  1116c3b4a3f090afbd4e89571fefb8560b08df8fb9dce2bf940e27d298b95cb6f91ba1c45735abe238c2d0133053e37a873ad6d6b93ba71380f7cb4e74b0a522
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1