njrat | b3b4c231dd32aabacd3c1652f06d2596371abcebf79dab58455ac0ba85358427 | Triage

Sharing

General

Target

b3b4c231dd32aabacd3c1652f06d2596371abcebf79dab58455ac0ba85358427
Size

30KB
Sample

220724-v218ascgcm
MD5

0d58990b3e931f4fd88153ac7513a7d6
SHA1

2269b5e9abcd7b20155918b00fff969a13087b0a
SHA256

b3b4c231dd32aabacd3c1652f06d2596371abcebf79dab58455ac0ba85358427
SHA512

ce8bcb95fc3d5ae13ab854edc0e322f37c4dd3b61643f38c3f8d701d9c2de3fd2fa73984f5b537d002fa4172fd0abe507b8ba02477e15f3003635032738364de

Score

10^/10

njrat hacked persistence

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

rosst.ddns.net:110

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes

reg_key
5cd8f17f4086744065eb0992a09e05a2
splitter
|'|'|

Targets

- Target
  
  b3b4c231dd32aabacd3c1652f06d2596371abcebf79dab58455ac0ba85358427
- Size
  
  30KB
- MD5
  
  0d58990b3e931f4fd88153ac7513a7d6
- SHA1
  
  2269b5e9abcd7b20155918b00fff969a13087b0a
- SHA256
  
  b3b4c231dd32aabacd3c1652f06d2596371abcebf79dab58455ac0ba85358427
- SHA512
  
  ce8bcb95fc3d5ae13ab854edc0e322f37c4dd3b61643f38c3f8d701d9c2de3fd2fa73984f5b537d002fa4172fd0abe507b8ba02477e15f3003635032738364de
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2