njrat | 3f79fcce4323e3d2619f38a4b5c8ea1fb858dfc95b6189c0993e63e09ad779ef | Triage

Sharing

General

Target

3f79fcce4323e3d2619f38a4b5c8ea1fb858dfc95b6189c0993e63e09ad779ef
Size

37KB
Sample

220520-e7gg3schgr
MD5

1c153f6f53440a0b7980738e93ee4db5
SHA1

6762b5a3c0a9ecdc6689a8ddfabf32f4046c7658
SHA256

3f79fcce4323e3d2619f38a4b5c8ea1fb858dfc95b6189c0993e63e09ad779ef
SHA512

e3d934b3ffd4d57d2bfa22fe70cb037f1428cc66cefaaca18ac6fd5098ea37354667ec3fd828baddd0b90cf9b6b647bcd557255fa37f1febdfd0e8d3e5e09e00

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

198.16.70.27:1709

Mutex

912c3bfd29c7b2d861c3044a0e545dce

Attributes

reg_key
912c3bfd29c7b2d861c3044a0e545dce
splitter
|'|'|

Targets

- Target
  
  3f79fcce4323e3d2619f38a4b5c8ea1fb858dfc95b6189c0993e63e09ad779ef
- Size
  
  37KB
- MD5
  
  1c153f6f53440a0b7980738e93ee4db5
- SHA1
  
  6762b5a3c0a9ecdc6689a8ddfabf32f4046c7658
- SHA256
  
  3f79fcce4323e3d2619f38a4b5c8ea1fb858dfc95b6189c0993e63e09ad779ef
- SHA512
  
  e3d934b3ffd4d57d2bfa22fe70cb037f1428cc66cefaaca18ac6fd5098ea37354667ec3fd828baddd0b90cf9b6b647bcd557255fa37f1febdfd0e8d3e5e09e00
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2