njrat | dc7c7d955056b7541a75756878e60b0a79c076aaf2c0564f85562d21d11471f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc7c7d955056b7541a75756878e60b0a79c076aaf2c0564f85562d21d11471f4
Size

217KB
Sample

221121-29be6sbb44
MD5

c6f022e0abfc8c61eb604a12518e4564
SHA1

ca449a1996a855f5bd1fba902bc694c6355acc98
SHA256

dc7c7d955056b7541a75756878e60b0a79c076aaf2c0564f85562d21d11471f4
SHA512

efd620a4cbbb22021f053c870c53163cc674ac9b954fcd1383f442d215295233358d3ce040772cf068a7e846734fa7c1253b6ce3bfbbd0e0408f0e1698e33d0c
SSDEEP

3072:qxLTA29k/xr+VBFaImYIYiheeeeeeeeefYDeOiClppeppOpplppepppDppptpppd:29kZrMBgJSOG9iO2RK

Score

10^/10

njrat -_-evasion

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

-_-

C2

husooneahmed.ddns.net:666

Mutex

d5a38e9b5f206c41f8851bf04a251d26

Attributes

reg_key
d5a38e9b5f206c41f8851bf04a251d26
splitter
|'|'|

Targets

- Target
  
  dc7c7d955056b7541a75756878e60b0a79c076aaf2c0564f85562d21d11471f4
- Size
  
  217KB
- MD5
  
  c6f022e0abfc8c61eb604a12518e4564
- SHA1
  
  ca449a1996a855f5bd1fba902bc694c6355acc98
- SHA256
  
  dc7c7d955056b7541a75756878e60b0a79c076aaf2c0564f85562d21d11471f4
- SHA512
  
  efd620a4cbbb22021f053c870c53163cc674ac9b954fcd1383f442d215295233358d3ce040772cf068a7e846734fa7c1253b6ce3bfbbd0e0408f0e1698e33d0c
- SSDEEP
  
  3072:qxLTA29k/xr+VBFaImYIYiheeeeeeeeefYDeOiClppeppOpplppepppDppptpppd:29kZrMBgJSOG9iO2RK
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2