njrat | b1727ad59b96a98fe402d6a1387883e4827d367c5ed5e9e2c1e774943ff9af81 | Triage

Sharing

General

Target

6300cd47981db7ad53f80501990bc415.exe
Size

53KB
Sample

221123-vcs6dsgf58
MD5

6300cd47981db7ad53f80501990bc415
SHA1

0e0f81e0e732750ec8aaa4e68b9a905ab1019bd2
SHA256

b1727ad59b96a98fe402d6a1387883e4827d367c5ed5e9e2c1e774943ff9af81
SHA512

6e14a6d3023148a66492a0724a0dbf3826decd09dbaadc4e61ac4ae3a623b4d3c3fb0a6e5a034f21991a1eec258d64cefaef6336aa75655fc8a6302b21b952c5
SSDEEP

768:hv+R1NkrppqFidrM+rMRa8NuIrtUem4qaiBzX4t1PLqEp:hv+R1CNpqUG+gRJN3yEqackPLt

Score

10^/10

njrat ffre evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ffre

C2

2.tcp.eu.ngrok.io:10896

Mutex

c0f65bea1ff98f553ab1098ecc7ff595

Attributes

reg_key
c0f65bea1ff98f553ab1098ecc7ff595
splitter
|'|'|

Targets

- Target
  
  6300cd47981db7ad53f80501990bc415.exe
- Size
  
  53KB
- MD5
  
  6300cd47981db7ad53f80501990bc415
- SHA1
  
  0e0f81e0e732750ec8aaa4e68b9a905ab1019bd2
- SHA256
  
  b1727ad59b96a98fe402d6a1387883e4827d367c5ed5e9e2c1e774943ff9af81
- SHA512
  
  6e14a6d3023148a66492a0724a0dbf3826decd09dbaadc4e61ac4ae3a623b4d3c3fb0a6e5a034f21991a1eec258d64cefaef6336aa75655fc8a6302b21b952c5
- SSDEEP
  
  768:hv+R1NkrppqFidrM+rMRa8NuIrtUem4qaiBzX4t1PLqEp:hv+R1CNpqUG+gRJN3yEqackPLt
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence