njrat | 5bede66e2369345d341d7c9e0a343a1d781a1fde3a38373798ffb9ba9731b866 | Triage

Sharing

General

Target

5BEDE66E2369345D341D7C9E0A343A1D781A1FDE3A383.exe
Size

37KB
Sample

211227-sx35zscgd8
MD5

cb69d40567868c1cc92eefb5e2b27af1
SHA1

d589126c2e18030f2e0f94d42c3f3a9e51bdc25a
SHA256

5bede66e2369345d341d7c9e0a343a1d781a1fde3a38373798ffb9ba9731b866
SHA512

bf79e9dccb542318314d38582691036d5a2a258aa133ca4fd94ee88c76fce1bb41374ad39588f2c9dec2e959d91ea2d3c6b6bf8c70794a72415b7cc9975e12e0

Score

10^/10

njrat microsoft evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Microsoft

C2

91.206.5.224:1212

Mutex

04d10446f5edc1673b6ff536d2b2ea65

Attributes

reg_key
04d10446f5edc1673b6ff536d2b2ea65
splitter
|'|'|

Targets

- Target
  
  5BEDE66E2369345D341D7C9E0A343A1D781A1FDE3A383.exe
- Size
  
  37KB
- MD5
  
  cb69d40567868c1cc92eefb5e2b27af1
- SHA1
  
  d589126c2e18030f2e0f94d42c3f3a9e51bdc25a
- SHA256
  
  5bede66e2369345d341d7c9e0a343a1d781a1fde3a38373798ffb9ba9731b866
- SHA512
  
  bf79e9dccb542318314d38582691036d5a2a258aa133ca4fd94ee88c76fce1bb41374ad39588f2c9dec2e959d91ea2d3c6b6bf8c70794a72415b7cc9975e12e0
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence