njrat | c4d91faa43fba5722a70d24bfae8c4156739a6a1a618a015c298db8436f5cf3e | Triage

Sharing

General

Target

bDJ8.exe
Size

36KB
Sample

220727-ywf7qahagq
MD5

c0b389e125d888b7bca8dcd4ea25c1bf
SHA1

b58b899489e969e7cb6e0e471f47df80b62dcfc3
SHA256

c4d91faa43fba5722a70d24bfae8c4156739a6a1a618a015c298db8436f5cf3e
SHA512

294037a8eafc91403d9cc8536a76eee590c585647ab2b6af54b7d63a03f9e7420997a0d76b14824745275305f14b615c4c8d7879eb60669f8121c846dbd00000

Score

10^/10

njrat hacked

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

https://pastebin.com/raw/kPWAhaA1:5552

Mutex

6a2634340fbf8a0a2c038c6263d49fd1

Attributes

reg_key
6a2634340fbf8a0a2c038c6263d49fd1
splitter
|'|'|

Targets

- Target
  
  bDJ8.exe
- Size
  
  36KB
- MD5
  
  c0b389e125d888b7bca8dcd4ea25c1bf
- SHA1
  
  b58b899489e969e7cb6e0e471f47df80b62dcfc3
- SHA256
  
  c4d91faa43fba5722a70d24bfae8c4156739a6a1a618a015c298db8436f5cf3e
- SHA512
  
  294037a8eafc91403d9cc8536a76eee590c585647ab2b6af54b7d63a03f9e7420997a0d76b14824745275305f14b615c4c8d7879eb60669f8121c846dbd00000
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2