njrat | 73870820b2784abba4cc69c26a57743e5a4e306727c7dc2d28e5753fa5fed2d7 | Triage

Sharing

General

Target

0x000a000000013482-60.dat
Size

93KB
Sample

221003-3p355acfb2
MD5

0c6c4a3d96c78a24d6568b83e141896e
SHA1

f5fb76840cb984722f61b370fb6641fa4ad9ac7e
SHA256

73870820b2784abba4cc69c26a57743e5a4e306727c7dc2d28e5753fa5fed2d7
SHA512

1700a41014d50b79dd896fee0a705c700f3c534860b0ceefebc6413941520aedad7aa85f1f4c11d84c362b46de15e5ca7d9fa4a108fbaa9ca895107dee1d68be
SSDEEP

768:HY30lnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3rsGy:xlxOx6baIa9RZj00ljEwzGi1dDXDMgS

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

Ni50Y3AuZXUubmdyb2suaW8Strik:MTM5OTI=

Mutex

dcc8f8f212bdcee4931d8d1d2c481753

Attributes

reg_key
dcc8f8f212bdcee4931d8d1d2c481753
splitter
|'|'|

Targets

- Target
  
  0x000a000000013482-60.dat
- Size
  
  93KB
- MD5
  
  0c6c4a3d96c78a24d6568b83e141896e
- SHA1
  
  f5fb76840cb984722f61b370fb6641fa4ad9ac7e
- SHA256
  
  73870820b2784abba4cc69c26a57743e5a4e306727c7dc2d28e5753fa5fed2d7
- SHA512
  
  1700a41014d50b79dd896fee0a705c700f3c534860b0ceefebc6413941520aedad7aa85f1f4c11d84c362b46de15e5ca7d9fa4a108fbaa9ca895107dee1d68be
- SSDEEP
  
  768:HY30lnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3rsGy:xlxOx6baIa9RZj00ljEwzGi1dDXDMgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2