njrat | e6600d367719a89437eefc72638d9f72e8b0a4862f6a631c9c0b9220cf5504b6 | Triage

Sharing

General

Target

0x000600000000b2d2-55.dat
Size

37KB
Sample

221207-mkhevsbh8s
MD5

796efce929adb1a5a248eb60440cf8cb
SHA1

3db9c7325099854bcfbe1108228982daca3f86d3
SHA256

e6600d367719a89437eefc72638d9f72e8b0a4862f6a631c9c0b9220cf5504b6
SHA512

4c1eec85aeef14373a0e5c2bdebda87abbc7bdfb8789417cbc62b2b1a756ed2ea30ff92fa2c9feebc30993a790e3de8021a5395044bbfdd00cb888cc34835bad
SSDEEP

384:PIiKMizdnjnBhFbJ8ycPzNX9Bwy25ArAF+rMRTyN/0L+EcoinblneHQM3epzXxN1:AignlLJfcPzNXt2qrM+rMRa8NuHtt

Score

10^/10

njrat hacked evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

outside-fine.at.ply.gg:6549

Mutex

78e0d93fb2344857b8ed5232e4bc04ef

Attributes

reg_key
78e0d93fb2344857b8ed5232e4bc04ef
splitter
|'|'|

Targets

- Target
  
  0x000600000000b2d2-55.dat
- Size
  
  37KB
- MD5
  
  796efce929adb1a5a248eb60440cf8cb
- SHA1
  
  3db9c7325099854bcfbe1108228982daca3f86d3
- SHA256
  
  e6600d367719a89437eefc72638d9f72e8b0a4862f6a631c9c0b9220cf5504b6
- SHA512
  
  4c1eec85aeef14373a0e5c2bdebda87abbc7bdfb8789417cbc62b2b1a756ed2ea30ff92fa2c9feebc30993a790e3de8021a5395044bbfdd00cb888cc34835bad
- SSDEEP
  
  384:PIiKMizdnjnBhFbJ8ycPzNX9Bwy25ArAF+rMRTyN/0L+EcoinblneHQM3epzXxN1:AignlLJfcPzNXt2qrM+rMRa8NuHtt
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence