njrat | d7e0f9f01d21669275b31575f2c2813aed31060df82a59841b569e6c9f0fa22c | Triage

Sharing

General

Target

d7e0f9f01d21669275b31575f2c2813aed31060df82a59841b569e6c9f0fa22c
Size

93KB
Sample

220520-2d9cbsfbf5
MD5

0731b24284bac8a51a07c316601a8acc
SHA1

013290bc0a3dba52122358f0e1aba4fb62dd8a94
SHA256

d7e0f9f01d21669275b31575f2c2813aed31060df82a59841b569e6c9f0fa22c
SHA512

4a25e8020cbe36de5a3a3409215fe97ab40c3079ec45d2df299ae119bf3096da8b917f70e8d745e903ff5501d3a74028de9e66a27103cda1622846f482f4d8f2

Score

10^/10

njrat condition evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Condition

C2

ODFRANSESCOuFRANSESCOjFRANSESCO0LjEyFRANSESCOy4xNwStrikStrik:NTU1Mg==

Mutex

2ecbdcd843e3b195718e08c3d44e52a4

Attributes

reg_key
2ecbdcd843e3b195718e08c3d44e52a4
splitter
|'|'|

Targets

- Target
  
  d7e0f9f01d21669275b31575f2c2813aed31060df82a59841b569e6c9f0fa22c
- Size
  
  93KB
- MD5
  
  0731b24284bac8a51a07c316601a8acc
- SHA1
  
  013290bc0a3dba52122358f0e1aba4fb62dd8a94
- SHA256
  
  d7e0f9f01d21669275b31575f2c2813aed31060df82a59841b569e6c9f0fa22c
- SHA512
  
  4a25e8020cbe36de5a3a3409215fe97ab40c3079ec45d2df299ae119bf3096da8b917f70e8d745e903ff5501d3a74028de9e66a27103cda1622846f482f4d8f2
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2