njrat | dbc86d106d7e6993024eca3c621bd7dd84ea578903fd11a62ed3af896ef78470 | Triage

Sharing

General

Target

a8dc753c688c6575161f62092cd2007d.exe
Size

37KB
Sample

211227-aq769acaa9
MD5

a8dc753c688c6575161f62092cd2007d
SHA1

c1edb2b7b8aadddca630085dc8e2ba4d0392ee53
SHA256

dbc86d106d7e6993024eca3c621bd7dd84ea578903fd11a62ed3af896ef78470
SHA512

84da0b51aecf8743839f6dceafcdadc1491cb84b7949862c0b079a3f98c8c6d983bc15e045e48476b05f3c05abf149e921faccdbbdb56f406f2d3223ab9f66ea

Score

10^/10

njrat microsoft evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Microsoft

C2

91.206.5.224:8888

Mutex

46bf89ad0102831dcc1dc39e90f31001

Attributes

reg_key
46bf89ad0102831dcc1dc39e90f31001
splitter
|'|'|

Targets

- Target
  
  a8dc753c688c6575161f62092cd2007d.exe
- Size
  
  37KB
- MD5
  
  a8dc753c688c6575161f62092cd2007d
- SHA1
  
  c1edb2b7b8aadddca630085dc8e2ba4d0392ee53
- SHA256
  
  dbc86d106d7e6993024eca3c621bd7dd84ea578903fd11a62ed3af896ef78470
- SHA512
  
  84da0b51aecf8743839f6dceafcdadc1491cb84b7949862c0b079a3f98c8c6d983bc15e045e48476b05f3c05abf149e921faccdbbdb56f406f2d3223ab9f66ea
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence