njrat | f5cb673a1908c5d618e56e76a40d174076a86f87fbe2a45ceb08b98557baf37a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a34aad8b44cf60e0d78cb7b5df04e7a9.exe
Size

37KB
Sample

230329-bjx85seb76
MD5

a34aad8b44cf60e0d78cb7b5df04e7a9
SHA1

f45889eec7f3d9e33deb6bbcff54b1cefb5c064c
SHA256

f5cb673a1908c5d618e56e76a40d174076a86f87fbe2a45ceb08b98557baf37a
SHA512

2356cf3ee4dfb2ef1303159d4f1d47c72df0e233e4b661fa9c83502ce499f34515777307ff2e135e8bc5d52f0e4d1c6789a83112a2382eeead7e3cab878fa156
SSDEEP

384:r55zqi0ZJZtbH9KyM+2BzmW3VIsmabXrAF+rMRTyN/0L+EcoinblneHQM3epzX/I:t+J95M+2B6Wa9abrM+rMRa8NuxYt

Score

10^/10

njrat fr13nds evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

FR13NDS

C2

4.tcp.eu.ngrok.io:12248

Mutex

ba94eecacb3879501fdd28802f29e2e5

Attributes

reg_key
ba94eecacb3879501fdd28802f29e2e5
splitter
|'|'|

Targets

- Target
  
  a34aad8b44cf60e0d78cb7b5df04e7a9.exe
- Size
  
  37KB
- MD5
  
  a34aad8b44cf60e0d78cb7b5df04e7a9
- SHA1
  
  f45889eec7f3d9e33deb6bbcff54b1cefb5c064c
- SHA256
  
  f5cb673a1908c5d618e56e76a40d174076a86f87fbe2a45ceb08b98557baf37a
- SHA512
  
  2356cf3ee4dfb2ef1303159d4f1d47c72df0e233e4b661fa9c83502ce499f34515777307ff2e135e8bc5d52f0e4d1c6789a83112a2382eeead7e3cab878fa156
- SSDEEP
  
  384:r55zqi0ZJZtbH9KyM+2BzmW3VIsmabXrAF+rMRTyN/0L+EcoinblneHQM3epzX/I:t+J95M+2B6Wa9abrM+rMRa8NuxYt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2