njrat | 260f03c767532b2c578650c9b03794188ed0d6e83ce45898bc2a461af05f1552 | Triage

Sharing

General

Target

260f03c767532b2c578650c9b03794188ed0d6e83ce45898bc2a461af05f1552
Size

43KB
Sample

220625-j8as5sfae7
MD5

c3b23ef0f71492d5714cd7ad4078c626
SHA1

1c7c775d12bdad43fe9bda0a742ad1ed894f751f
SHA256

260f03c767532b2c578650c9b03794188ed0d6e83ce45898bc2a461af05f1552
SHA512

09db36004ce53825e11e1af7c2a84b1e08fd7d74aeb2ab98b0cf7b223d8db29c5522e1685bd16ba836d4ad8196fdfe74e696757da36a78cd075d56d449db0e37

Score

10^/10

njrat kevin rains persistence

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

kevin rains

C2

192.168.1.24:1982

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  260f03c767532b2c578650c9b03794188ed0d6e83ce45898bc2a461af05f1552
- Size
  
  43KB
- MD5
  
  c3b23ef0f71492d5714cd7ad4078c626
- SHA1
  
  1c7c775d12bdad43fe9bda0a742ad1ed894f751f
- SHA256
  
  260f03c767532b2c578650c9b03794188ed0d6e83ce45898bc2a461af05f1552
- SHA512
  
  09db36004ce53825e11e1af7c2a84b1e08fd7d74aeb2ab98b0cf7b223d8db29c5522e1685bd16ba836d4ad8196fdfe74e696757da36a78cd075d56d449db0e37
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

kevin rainsnjrat

behavioral1

behavioral2