njrat | 60064d93898e8228a90d538e44610b43c44a67d523feacb55691735853541d3a | Triage

Sharing

General

Target

0x000800000001230f-107.dat
Size

93KB
Sample

230314-g8q41sga4v
MD5

35211dce668b1a3f17aa7ff35d002954
SHA1

a0a67c344cae646e02aa152bc1f3ae50066ebe57
SHA256

60064d93898e8228a90d538e44610b43c44a67d523feacb55691735853541d3a
SHA512

9ca5cdf8c52b9dc12fa02ae37893d2271dd6605bb1a9df8481a2cb12ded1caf0139f045d6c9c90babc58cd6515deed436694c4a6ab899cbaa1fd5ada4d489c56
SSDEEP

768:UY3ByiSgmnldjcRoMwrx7Y+DIkIITJbXXKBpOtzux82WXxrjEtCdnl2pi1Rz4Rkr:1ygmlbrq+1NTZBOojEwzGi1dD6DOgS

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

Ni50Y3AuZXUubmdyb2suaW8Strik:MTA3MTI=

Mutex

9dd06b690cd90c449e471e22f62d779d

Attributes

reg_key
9dd06b690cd90c449e471e22f62d779d
splitter
|'|'|

Targets

- Target
  
  0x000800000001230f-107.dat
- Size
  
  93KB
- MD5
  
  35211dce668b1a3f17aa7ff35d002954
- SHA1
  
  a0a67c344cae646e02aa152bc1f3ae50066ebe57
- SHA256
  
  60064d93898e8228a90d538e44610b43c44a67d523feacb55691735853541d3a
- SHA512
  
  9ca5cdf8c52b9dc12fa02ae37893d2271dd6605bb1a9df8481a2cb12ded1caf0139f045d6c9c90babc58cd6515deed436694c4a6ab899cbaa1fd5ada4d489c56
- SSDEEP
  
  768:UY3ByiSgmnldjcRoMwrx7Y+DIkIITJbXXKBpOtzux82WXxrjEtCdnl2pi1Rz4Rkr:1ygmlbrq+1NTZBOojEwzGi1dD6DOgS
Score

8^/10

evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2