njrat | 1f7b3c14df18b53233421d630468fba392e0ea3058502cf73fbd83bf77bb994d | Triage

Sharing

General

Target

1f7b3c14df18b53233421d630468fba392e0ea3058502cf73fbd83bf77bb994d
Size

37KB
Sample

231204-vj7x5adc99
MD5

a1a88671237a04541b15257398625905
SHA1

c8442846b3484b99e2525da119474f89322fc58a
SHA256

1f7b3c14df18b53233421d630468fba392e0ea3058502cf73fbd83bf77bb994d
SHA512

1ec2dba9adec2159271409364e31e021e9265b29c68fbd6860cb67913000cd5fd4feda98f87a0c2130050e6418103be8f01afc451392105313da575d529e401d
SSDEEP

384:peSvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXL:MS7TZ38fvCv3E1cQrM+rMRa8NuIyt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:19201

Mutex

d9b3248281f8765b31e9728c906f6bbc

Attributes

reg_key
d9b3248281f8765b31e9728c906f6bbc
splitter
|'|'|

Targets

- Target
  
  1f7b3c14df18b53233421d630468fba392e0ea3058502cf73fbd83bf77bb994d
- Size
  
  37KB
- MD5
  
  a1a88671237a04541b15257398625905
- SHA1
  
  c8442846b3484b99e2525da119474f89322fc58a
- SHA256
  
  1f7b3c14df18b53233421d630468fba392e0ea3058502cf73fbd83bf77bb994d
- SHA512
  
  1ec2dba9adec2159271409364e31e021e9265b29c68fbd6860cb67913000cd5fd4feda98f87a0c2130050e6418103be8f01afc451392105313da575d529e401d
- SSDEEP
  
  384:peSvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzXL:MS7TZ38fvCv3E1cQrM+rMRa8NuIyt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2