njrat | 7c7ba89ee3046a45f2fbec7bb10cc437782bdd347152fb47199a776a75756a90 | Triage

Sharing

General

Target

7c7ba89ee3046a45f2fbec7bb10cc437782bdd347152fb47199a776a75756a90exe_JC.exe
Size

37KB
Sample

230806-lqxlasac4s
MD5

27f40a5673ac55f47d781331ef416de6
SHA1

2391e533a1c95f8fd20ee73cac60f5971bdd9f0b
SHA256

7c7ba89ee3046a45f2fbec7bb10cc437782bdd347152fb47199a776a75756a90
SHA512

dde5c40ee024a7a6e5a872f6ef1b2e102dfd9e9e2dbe1bea2810cdc738ee79b0ee5bc4d1330aa1ec4abab74bff1899ec5103acc4154cf97c1a13da875904b08e
SSDEEP

384:8kqBkiyjnDNGRn5IyUvapIrPbh+/VsIt6xrAF+rMRTyN/0L+EcoinblneHQM3epW:X35M5jUvairANsIQxrM+rMRa8NuCzt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:16370

Mutex

49b2f82cf7c6d0d824497230af0610af

Attributes

reg_key
49b2f82cf7c6d0d824497230af0610af
splitter
|'|'|

Targets

- Target
  
  7c7ba89ee3046a45f2fbec7bb10cc437782bdd347152fb47199a776a75756a90exe_JC.exe
- Size
  
  37KB
- MD5
  
  27f40a5673ac55f47d781331ef416de6
- SHA1
  
  2391e533a1c95f8fd20ee73cac60f5971bdd9f0b
- SHA256
  
  7c7ba89ee3046a45f2fbec7bb10cc437782bdd347152fb47199a776a75756a90
- SHA512
  
  dde5c40ee024a7a6e5a872f6ef1b2e102dfd9e9e2dbe1bea2810cdc738ee79b0ee5bc4d1330aa1ec4abab74bff1899ec5103acc4154cf97c1a13da875904b08e
- SSDEEP
  
  384:8kqBkiyjnDNGRn5IyUvapIrPbh+/VsIt6xrAF+rMRTyN/0L+EcoinblneHQM3epW:X35M5jUvairANsIQxrM+rMRa8NuCzt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2