njrat | f8eaf13037c4f24220c4357451e2ae7d93a1e981a3771d47a5ead02ed7100a7c | Triage

Sharing

General

Target

f8eaf13037c4f24220c4357451e2ae7d93a1e981a3771d47a5ead02ed7100a7c
Size

29KB
Sample

221204-r96afahg76
MD5

3ba96c068753ba1d2244864dca8ef100
SHA1

3c57bb591f686e1e68a8f4ca5ef726f1d120184f
SHA256

f8eaf13037c4f24220c4357451e2ae7d93a1e981a3771d47a5ead02ed7100a7c
SHA512

d6d0f013ea10e6da46b569da25794fb5df1b131c2f41bdf95f39899371b93912190498276ac247ab3f0bb48773ae1da610e13f73d355074b0884be93e294d075
SSDEEP

768:8ca7ZNMLbhel2+qqa+WelBKh0p29SgRC1p:u7/AHT8KhG29jC1p

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

babe8364d0b44de2ea6e4bcccd70281e

Attributes

reg_key
babe8364d0b44de2ea6e4bcccd70281e
splitter
|'|'|

Targets

- Target
  
  f8eaf13037c4f24220c4357451e2ae7d93a1e981a3771d47a5ead02ed7100a7c
- Size
  
  29KB
- MD5
  
  3ba96c068753ba1d2244864dca8ef100
- SHA1
  
  3c57bb591f686e1e68a8f4ca5ef726f1d120184f
- SHA256
  
  f8eaf13037c4f24220c4357451e2ae7d93a1e981a3771d47a5ead02ed7100a7c
- SHA512
  
  d6d0f013ea10e6da46b569da25794fb5df1b131c2f41bdf95f39899371b93912190498276ac247ab3f0bb48773ae1da610e13f73d355074b0884be93e294d075
- SSDEEP
  
  768:8ca7ZNMLbhel2+qqa+WelBKh0p29SgRC1p:u7/AHT8KhG29jC1p
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2