njrat | 64483dfb80410ad0e4275b69bc6bf8d169e2509d9796401822dbf98b5e159528 | Triage

Sharing

General

Target

ff67d97ad0ddcac29d3081e30029a4014b7f1646a3bcc2541ef49c62ea718df5.zip
Size

34KB
Sample

230321-r2cyxsbc89
MD5

c4b338bb27bba5b02a63b4e1e1b6ae66
SHA1

063b034ca4abf5b3b8343dff61ed2f543d2a2c34
SHA256

64483dfb80410ad0e4275b69bc6bf8d169e2509d9796401822dbf98b5e159528
SHA512

20f858eb24f2d0aea7c772e4869203f6bac2a345ee38e7bb0abde48333b0141eafd526b12bdfaffa61bb63c3ea5fe28c1c3a6ec15843668c8285fbe0e97b0292
SSDEEP

768:eI8lKaalIryZTbNrY41h37MyZL1/9uO23lfRGwO8JDmb:iKh791hZZLB9u3VZOcDmb

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

Ni50Y3AuZXUubmdyb2suaW8Strik:MTY1Nzc=

Mutex

2d0b7f3a2a904495a62fe734efa21dc1

Attributes

reg_key
2d0b7f3a2a904495a62fe734efa21dc1
splitter
|'|'|

Targets

- Target
  
  ff67d97ad0ddcac29d3081e30029a4014b7f1646a3bcc2541ef49c62ea718df5.exe
- Size
  
  93KB
- MD5
  
  e7468e6a89aeedd909f7f838d16140ec
- SHA1
  
  61a285db4a887ed0bbf36a2291514ba6cbac1e85
- SHA256
  
  ff67d97ad0ddcac29d3081e30029a4014b7f1646a3bcc2541ef49c62ea718df5
- SHA512
  
  1da98e99db82b490f943414890966a4b6e13c74913cb0f0633890adf8007c269be203173e8e7e128a380fa8d14a32aad08f61a5ca2508dc15b9aefb62fd54ea4
- SSDEEP
  
  768:JY3zxnD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk31sG1:QxxOx6baIa9ROj00ljEwzGi1dDFDhgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2