njrat | 52f4937c80ab5e677ef2a0a169632067a74f8b9eef4f4994e9f5a9f5e36c2b56 | Triage

Sharing

General

Target

121e18b2c5111707637ef2896cfb566c.exe
Size

37KB
Sample

220829-ag6xtsgdfk
MD5

121e18b2c5111707637ef2896cfb566c
SHA1

4f7f131ba7dc7e6bfe98c092b95fe891e50b0105
SHA256

52f4937c80ab5e677ef2a0a169632067a74f8b9eef4f4994e9f5a9f5e36c2b56
SHA512

7035f403662c6f01a4f1475c929888aff82650e2328ce45cd916dbfef7b53542ca5b402f20e189f8afb9f7e8619c21d2dfe7b173872da6965bc7dea86ebfc616
SSDEEP

384:u8Os0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3T:GFdGdkrgYRwWS0rM+rMRa8NuHYt

Score

10^/10

njrat hacked evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

3.67.161.133:13313

Mutex

c60029bc13b6f6bd71b31a478dff99d5

Attributes

reg_key
c60029bc13b6f6bd71b31a478dff99d5
splitter
|'|'|

Targets

- Target
  
  121e18b2c5111707637ef2896cfb566c.exe
- Size
  
  37KB
- MD5
  
  121e18b2c5111707637ef2896cfb566c
- SHA1
  
  4f7f131ba7dc7e6bfe98c092b95fe891e50b0105
- SHA256
  
  52f4937c80ab5e677ef2a0a169632067a74f8b9eef4f4994e9f5a9f5e36c2b56
- SHA512
  
  7035f403662c6f01a4f1475c929888aff82650e2328ce45cd916dbfef7b53542ca5b402f20e189f8afb9f7e8619c21d2dfe7b173872da6965bc7dea86ebfc616
- SSDEEP
  
  384:u8Os0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3T:GFdGdkrgYRwWS0rM+rMRa8NuHYt
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence