njrat | 9a606cde6920bbb79b316c8ccab52faf4c11ddd20dfaa564a04bca15785ee465 | Triage

Sharing

General

Target

474111655e52390d024b3a3388666331.bin
Size

37KB
Sample

221201-ttcdjafc38
MD5

474111655e52390d024b3a3388666331
SHA1

e5f56fabeb4d771bfad57bb9d2eb2c25ec4fa05b
SHA256

9a606cde6920bbb79b316c8ccab52faf4c11ddd20dfaa564a04bca15785ee465
SHA512

a680c5909425a6ad9269c51f2da4a6251c58995c8f272459a94556b3e5279cc457b1787f4ae135e7c2eb800f398d8453549fa8a6ed5fda53d2f1ef3711dc7485
SSDEEP

384:EeLx1kit8Zf5W9cTYXyc/bBM0izvncnPMIurAF+rMRTyN/0L+EcoinblneHQM3eY:pLxKjjTYic/be0PM/rM+rMRa8NuQBt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

8.tcp.ngrok.io:12836

Mutex

68a6970c11f81376c499f26364b4a822

Attributes

reg_key
68a6970c11f81376c499f26364b4a822
splitter
|'|'|

Targets

- Target
  
  474111655e52390d024b3a3388666331.bin
- Size
  
  37KB
- MD5
  
  474111655e52390d024b3a3388666331
- SHA1
  
  e5f56fabeb4d771bfad57bb9d2eb2c25ec4fa05b
- SHA256
  
  9a606cde6920bbb79b316c8ccab52faf4c11ddd20dfaa564a04bca15785ee465
- SHA512
  
  a680c5909425a6ad9269c51f2da4a6251c58995c8f272459a94556b3e5279cc457b1787f4ae135e7c2eb800f398d8453549fa8a6ed5fda53d2f1ef3711dc7485
- SSDEEP
  
  384:EeLx1kit8Zf5W9cTYXyc/bBM0izvncnPMIurAF+rMRTyN/0L+EcoinblneHQM3eY:pLxKjjTYic/be0PM/rM+rMRa8NuQBt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2