njrat | 7527323a12bb2682047a438f8eb0b1ea4049e0733202fe0597e48dc00c1f23a4 | Triage

Resubmissions

08-06-2023 13:20

230608-qld1lsff34 10

06-06-2023 23:56

230606-3yzt3agb49 10

Sharing

General

Target

baa39b6dd7f993583c3c877f33972906.exe
Size

37KB
Sample

230606-3yzt3agb49
MD5

baa39b6dd7f993583c3c877f33972906
SHA1

39608e3f124aaf0ae73b94ed1b79bfb4959c5370
SHA256

7527323a12bb2682047a438f8eb0b1ea4049e0733202fe0597e48dc00c1f23a4
SHA512

c27f55455eab3507b399a7fe15662485c780a43dd259f44f4faf0e2db804cc4f8b0dc25f5c34ba5ee050ddac528f6d1a0385a67f34c80449d0a1d0cceabca3f1
SSDEEP

384:4KwCT0i9rdTe/kCOyU7jcnZ8DfmTdrAF+rMRTyN/0L+EcoinblneHQM3epzXKNrY:R1J1CFU7jcC7m5rM+rMRa8NuYWt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:19554

Mutex

a3e3a48b4a1c3f8d4bc114e02152973f

Attributes

reg_key
a3e3a48b4a1c3f8d4bc114e02152973f
splitter
|'|'|

Targets

- Target
  
  baa39b6dd7f993583c3c877f33972906.exe
- Size
  
  37KB
- MD5
  
  baa39b6dd7f993583c3c877f33972906
- SHA1
  
  39608e3f124aaf0ae73b94ed1b79bfb4959c5370
- SHA256
  
  7527323a12bb2682047a438f8eb0b1ea4049e0733202fe0597e48dc00c1f23a4
- SHA512
  
  c27f55455eab3507b399a7fe15662485c780a43dd259f44f4faf0e2db804cc4f8b0dc25f5c34ba5ee050ddac528f6d1a0385a67f34c80449d0a1d0cceabca3f1
- SSDEEP
  
  384:4KwCT0i9rdTe/kCOyU7jcnZ8DfmTdrAF+rMRTyN/0L+EcoinblneHQM3epzXKNrY:R1J1CFU7jcC7m5rM+rMRa8NuYWt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2