njrat | f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832 | Triage

Sharing

General

Target

f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
Size

37KB
Sample

220520-12rxhseee3
MD5

99958775545abef31b666b51d150fe13
SHA1

f023f69f9dea93f96f519e6afa0ffc61502f735d
SHA256

f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
SHA512

3028da32486d25b7fa0900dbe48f3e2bdfe5795e06b0b39ae905bef9d6e248bb9b1b03bbdd33b1addec68e5e3bae3f78a6c98f78206012f33871d8ae3b7f24ec

Score

10^/10

njrat 122223 evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

122223

C2

89.46.100.217:6666

Mutex

12c4e4affcda9791909db863ed954b5c

Attributes

reg_key
12c4e4affcda9791909db863ed954b5c
splitter
|'|'|

Targets

- Target
  
  f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
- Size
  
  37KB
- MD5
  
  99958775545abef31b666b51d150fe13
- SHA1
  
  f023f69f9dea93f96f519e6afa0ffc61502f735d
- SHA256
  
  f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
- SHA512
  
  3028da32486d25b7fa0900dbe48f3e2bdfe5795e06b0b39ae905bef9d6e248bb9b1b03bbdd33b1addec68e5e3bae3f78a6c98f78206012f33871d8ae3b7f24ec
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2