njrat | 6000cb4765d6219aeea0210a1ecec6af293e3ee6e330f560e30c043987f5aeb7 | Triage

Sharing

General

Target

b598b0ecf0848c10ca61aa23c93ed5f9.exe
Size

91KB
Sample

211228-3cks1sece2
MD5

b598b0ecf0848c10ca61aa23c93ed5f9
SHA1

3dd842fb3ab58046de7f4d4c2f0d28b4404a1c57
SHA256

6000cb4765d6219aeea0210a1ecec6af293e3ee6e330f560e30c043987f5aeb7
SHA512

9aec32b1c79788eee9bf6fd20122603dab131e0c3d5e209e1502583d65a44e012765158ee3f25a07d44b92cc9872dd0af2d92c0dedd058e587f530f47fa0493d

Score

10^/10

njrat xmrig sch18 evasion miner

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

SCH18

C2

Ni50Y3Aubmdyb2suaW8Strik:MTU5OTQ=

Mutex

940392137100e6acf55150b72ab840d6

Attributes

reg_key
940392137100e6acf55150b72ab840d6
splitter
|'|'|

Targets

- Target
  
  b598b0ecf0848c10ca61aa23c93ed5f9.exe
- Size
  
  91KB
- MD5
  
  b598b0ecf0848c10ca61aa23c93ed5f9
- SHA1
  
  3dd842fb3ab58046de7f4d4c2f0d28b4404a1c57
- SHA256
  
  6000cb4765d6219aeea0210a1ecec6af293e3ee6e330f560e30c043987f5aeb7
- SHA512
  
  9aec32b1c79788eee9bf6fd20122603dab131e0c3d5e209e1502583d65a44e012765158ee3f25a07d44b92cc9872dd0af2d92c0dedd058e587f530f47fa0493d
Score

10^/10

xmrig evasion miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigevasionminer

behavioral2