njrat | 4494b47064580040f5c03f6ed4771a408ad50e2120b8d3fc2839aa8ec75d37a1 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

231125-1s7avadd7y
MD5

73d3b78ca5049712b163f90ced5f8e4b
SHA1

ddba28fd5b430b30d0524ddfa84afe828ebc429f
SHA256

4494b47064580040f5c03f6ed4771a408ad50e2120b8d3fc2839aa8ec75d37a1
SHA512

6dc19d75b1ee2be1c9f23af589925f2d141cd00b8bfd9a16b7e0b560415c95a1b78dee674be532567a67f1b080b16d4bd647349d1317b06469dccc17fe0746e0
SSDEEP

1536:XlwC+xhUa9urgOBPRNvM4jEwzGi1dD4DAgS:XlmUa9urgObdGi1d+p

Score

10^/10

njrat hacked evasion ransomware

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

zobhumide.duckdns.org:1608

Mutex

83e1038815725e0418e2fa4369b835fa

Attributes

reg_key
83e1038815725e0418e2fa4369b835fa
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  73d3b78ca5049712b163f90ced5f8e4b
- SHA1
  
  ddba28fd5b430b30d0524ddfa84afe828ebc429f
- SHA256
  
  4494b47064580040f5c03f6ed4771a408ad50e2120b8d3fc2839aa8ec75d37a1
- SHA512
  
  6dc19d75b1ee2be1c9f23af589925f2d141cd00b8bfd9a16b7e0b560415c95a1b78dee674be532567a67f1b080b16d4bd647349d1317b06469dccc17fe0746e0
- SSDEEP
  
  1536:XlwC+xhUa9urgOBPRNvM4jEwzGi1dD4DAgS:XlmUa9urgObdGi1d+p
Score

8^/10

evasion ransomware
- Modifies Windows Firewall
  evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionransomware