njrat | bd340c283098f70367d0bc051ade99259897d50a2d44d2302f5c29ca28ff1f01 | Triage

Sharing

General

Target

845e6c0d7cc883afd04ceecfb6037178.exe
Size

93KB
Sample

220916-xzcs2accbr
MD5

845e6c0d7cc883afd04ceecfb6037178
SHA1

7aff88c15a39074586ce7397a5f6730fdf5775ec
SHA256

bd340c283098f70367d0bc051ade99259897d50a2d44d2302f5c29ca28ff1f01
SHA512

fbcefa613b75401c28b67c26306c04fce11db0fec9bb07ec5cd7a4f95227da548b98a451e3f0777854e9aeeda8814b2ed73055225e9e5d1667a962bad8f30f41
SSDEEP

1536:3lRs5p8k2HGjTpL5HoTjEwzGi1dDgDUgS:3lbk2HGjtL5IYi1dWN

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

Ny50Y3AuZXUubmdyb2suaW8Strik:MTA2NDk=

Mutex

95cb92103dd3679a12cfd813b03dba8e

Attributes

reg_key
95cb92103dd3679a12cfd813b03dba8e
splitter
|'|'|

Targets

- Target
  
  845e6c0d7cc883afd04ceecfb6037178.exe
- Size
  
  93KB
- MD5
  
  845e6c0d7cc883afd04ceecfb6037178
- SHA1
  
  7aff88c15a39074586ce7397a5f6730fdf5775ec
- SHA256
  
  bd340c283098f70367d0bc051ade99259897d50a2d44d2302f5c29ca28ff1f01
- SHA512
  
  fbcefa613b75401c28b67c26306c04fce11db0fec9bb07ec5cd7a4f95227da548b98a451e3f0777854e9aeeda8814b2ed73055225e9e5d1667a962bad8f30f41
- SSDEEP
  
  1536:3lRs5p8k2HGjTpL5HoTjEwzGi1dDgDUgS:3lbk2HGjtL5IYi1dWN
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2