njrat | 32064b227c71528839b8e12b5b146ca30c7c8b14dd2de844a7f9ac33447d9e1b | Triage

Sharing

General

Target

Server2.exe
Size

93KB
Sample

230715-nsl9fsaa92
MD5

99e853cafc9f7388bfb2c589befa031c
SHA1

dafdcf6b18fc510749bc8954f061f3746c1213b2
SHA256

32064b227c71528839b8e12b5b146ca30c7c8b14dd2de844a7f9ac33447d9e1b
SHA512

6885636a339fd11c16b8d54ee4a3579d8abbd101d24802d944bf6b05d57c846061c4c20b322cede761b5349d0710855a7cab3f6db14c510a4aa322f161143894
SSDEEP

1536:i55edxQJ9waK7jh7CQjEwzGi1dDJDrgS:i50QJ9waK7jtCBi1d1k

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

tr2.localto.net:38960

Mutex

826b22ef700aaefcf31da94d3a2fb0b7

Attributes

reg_key
826b22ef700aaefcf31da94d3a2fb0b7
splitter
|'|'|

Targets

- Target
  
  Server2.exe
- Size
  
  93KB
- MD5
  
  99e853cafc9f7388bfb2c589befa031c
- SHA1
  
  dafdcf6b18fc510749bc8954f061f3746c1213b2
- SHA256
  
  32064b227c71528839b8e12b5b146ca30c7c8b14dd2de844a7f9ac33447d9e1b
- SHA512
  
  6885636a339fd11c16b8d54ee4a3579d8abbd101d24802d944bf6b05d57c846061c4c20b322cede761b5349d0710855a7cab3f6db14c510a4aa322f161143894
- SSDEEP
  
  1536:i55edxQJ9waK7jh7CQjEwzGi1dDJDrgS:i50QJ9waK7jtCBi1d1k
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2