njrat | 2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba | Triage

Sharing

General

Target

4b8c4cfc220a9a8c79b1e10712fe3f1b.exe
Size

93KB
Sample

211220-kqfr4saheq
MD5

4b8c4cfc220a9a8c79b1e10712fe3f1b
SHA1

9a5c1db0c51cfd2a78b67f0fc69e76ebb846a6ed
SHA256

2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
SHA512

1116c3b4a3f090afbd4e89571fefb8560b08df8fb9dce2bf940e27d298b95cb6f91ba1c45735abe238c2d0133053e37a873ad6d6b93ba71380f7cb4e74b0a522

Score

10^/10

njrat xmrig fileder evasion miner

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Fileder

C2

FRANSESCOTkyLjE2OC4xLjE0OAStrikStrik:MjMwOQ==

Mutex

7e7f38a6aedc714cc5ab87150973b7de

Attributes

reg_key
7e7f38a6aedc714cc5ab87150973b7de
splitter
|'|'|

Targets

- Target
  
  4b8c4cfc220a9a8c79b1e10712fe3f1b.exe
- Size
  
  93KB
- MD5
  
  4b8c4cfc220a9a8c79b1e10712fe3f1b
- SHA1
  
  9a5c1db0c51cfd2a78b67f0fc69e76ebb846a6ed
- SHA256
  
  2566b3c8958350c97d8332c921a5039d55b821a15440ac0e0087570d287338ba
- SHA512
  
  1116c3b4a3f090afbd4e89571fefb8560b08df8fb9dce2bf940e27d298b95cb6f91ba1c45735abe238c2d0133053e37a873ad6d6b93ba71380f7cb4e74b0a522
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2