njrat | 986318ede14f0c866a87c7a9afb87a86cf126e223608c017e94a9b6cedada3a1 | Triage

Sharing

General

Target

7eabcccdd626bbb3883ec3984f0fe573.exe
Size

37KB
Sample

230311-2casdabe57
MD5

7eabcccdd626bbb3883ec3984f0fe573
SHA1

bd03afef8d7c4398edf3be8256d98e195b371aa3
SHA256

986318ede14f0c866a87c7a9afb87a86cf126e223608c017e94a9b6cedada3a1
SHA512

827009e45bbf3a3110658c5c546325174f334e6533cb4633fc3ed15063180e30457d83f3cae5b6d23e5fd0a12c1ebd5fa3b362b1d5c69bbb6c57bbdb3e1048b5
SSDEEP

384:p6l+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IMrAF+rMRTyN/0L+Ecoi:ocyw79POTUvNZYv6trM+rMRa8Nu2qt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

51.79.205.152:5552

Mutex

56ba8666b184f20ecaf6484958a533b4

Attributes

reg_key
56ba8666b184f20ecaf6484958a533b4
splitter
|'|'|

Targets

- Target
  
  7eabcccdd626bbb3883ec3984f0fe573.exe
- Size
  
  37KB
- MD5
  
  7eabcccdd626bbb3883ec3984f0fe573
- SHA1
  
  bd03afef8d7c4398edf3be8256d98e195b371aa3
- SHA256
  
  986318ede14f0c866a87c7a9afb87a86cf126e223608c017e94a9b6cedada3a1
- SHA512
  
  827009e45bbf3a3110658c5c546325174f334e6533cb4633fc3ed15063180e30457d83f3cae5b6d23e5fd0a12c1ebd5fa3b362b1d5c69bbb6c57bbdb3e1048b5
- SSDEEP
  
  384:p6l+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IMrAF+rMRTyN/0L+Ecoi:ocyw79POTUvNZYv6trM+rMRa8Nu2qt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2