njrat | dbfadddbe24ee459e7aac3c6937748b3d60e0f9547b77bdc1a582f2c7aba8838 | Triage

Sharing

General

Target

dbfadddbe24ee459e7aac3c6937748b3d60e0f9547b77bdc1a582f2c7aba8838
Size

78KB
Sample

220121-26fkqacfhl
MD5

7ab3c97a8dcf771d4279407882118889
SHA1

c57f92cff68befeeb9286ec6d85ef8fc9ae728c7
SHA256

dbfadddbe24ee459e7aac3c6937748b3d60e0f9547b77bdc1a582f2c7aba8838
SHA512

0d94699da5bc986f56711cd3e90944bbb31b0084a66b931d2a1a00c334162a5411a70854c328045cbef55edafcd2f79b3c2ced1c39d45eeac176c773d0003744

Score

10^/10

njrat pilonera persistence

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Pilonera

C2

FESTIVALDEAMOR.PUBLICVM.COM:1407

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
1234

Targets

- Target
  
  dbfadddbe24ee459e7aac3c6937748b3d60e0f9547b77bdc1a582f2c7aba8838
- Size
  
  78KB
- MD5
  
  7ab3c97a8dcf771d4279407882118889
- SHA1
  
  c57f92cff68befeeb9286ec6d85ef8fc9ae728c7
- SHA256
  
  dbfadddbe24ee459e7aac3c6937748b3d60e0f9547b77bdc1a582f2c7aba8838
- SHA512
  
  0d94699da5bc986f56711cd3e90944bbb31b0084a66b931d2a1a00c334162a5411a70854c328045cbef55edafcd2f79b3c2ced1c39d45eeac176c773d0003744
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2