njrat | 7b31ba266baca7630caf49dc7f1c18657df4f2a001e6fb54876aa962fce02c39 | Triage

Sharing

General

Target

1264fc4908bcd1fb87843dcb0af91acd.exe
Size

93KB
Sample

220907-gakvcagdaj
MD5

1264fc4908bcd1fb87843dcb0af91acd
SHA1

7332d53824b4be424f599f3a41b1006b218ac7f2
SHA256

7b31ba266baca7630caf49dc7f1c18657df4f2a001e6fb54876aa962fce02c39
SHA512

d3bbca51ece77faa9b13af8ea7eb9b89a51815705211eee013ca622c4d89662d06a326a1f8bdd9033cbced09555d4c31f340fc89773470d17ba23f0bff756271
SSDEEP

1536:mOy1GkeUqZJO5wNSimjEwzGi1dDwD+gS:mOdUqZJOeAOi1duj

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

bm9ydGhlcm4taG9tZS5hdC5wbGF5aXQuZ2cStrik:MTc0NjQ=

Mutex

2d8360624d001a5333946e96f90095cd

Attributes

reg_key
2d8360624d001a5333946e96f90095cd
splitter
|'|'|

Targets

- Target
  
  1264fc4908bcd1fb87843dcb0af91acd.exe
- Size
  
  93KB
- MD5
  
  1264fc4908bcd1fb87843dcb0af91acd
- SHA1
  
  7332d53824b4be424f599f3a41b1006b218ac7f2
- SHA256
  
  7b31ba266baca7630caf49dc7f1c18657df4f2a001e6fb54876aa962fce02c39
- SHA512
  
  d3bbca51ece77faa9b13af8ea7eb9b89a51815705211eee013ca622c4d89662d06a326a1f8bdd9033cbced09555d4c31f340fc89773470d17ba23f0bff756271
- SSDEEP
  
  1536:mOy1GkeUqZJO5wNSimjEwzGi1dDwD+gS:mOdUqZJOeAOi1duj
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2