njrat | 94908648da7011c73a9a3179082d0e782c4ae2dca4a15a209287b1c97e0c557d | Triage

Sharing

General

Target

2212-8-0x0000000000440000-0x0000000000452000-memory.dmp
Size

72KB
Sample

231204-zl1ztafd9t
MD5

5348f761b8b3fb6d1f3979b0ce74db97
SHA1

213474fed0de61a1fa3b900af60ff0762bdeed30
SHA256

94908648da7011c73a9a3179082d0e782c4ae2dca4a15a209287b1c97e0c557d
SHA512

39a08dae1edf93eb67a847ae9f4f087ec4c23baca4ad267c982acc00f36583f29047b0b1732cf01a1b69b3437d0a2fdbbb7f13eb6e0203a6148aa3b9afee27f3
SSDEEP

1536:7EXR4ByV1rkDtM6HaL9xN3XK5Xs14/PFDu1m3ROQg/SPbogqABA1pAbcz:meQAML9xN3XK5Xs14/PFDu1uROQg/SPI

Score

10^/10

njrat hacked persistence

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

abdoooo3.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  2212-8-0x0000000000440000-0x0000000000452000-memory.dmp
- Size
  
  72KB
- MD5
  
  5348f761b8b3fb6d1f3979b0ce74db97
- SHA1
  
  213474fed0de61a1fa3b900af60ff0762bdeed30
- SHA256
  
  94908648da7011c73a9a3179082d0e782c4ae2dca4a15a209287b1c97e0c557d
- SHA512
  
  39a08dae1edf93eb67a847ae9f4f087ec4c23baca4ad267c982acc00f36583f29047b0b1732cf01a1b69b3437d0a2fdbbb7f13eb6e0203a6148aa3b9afee27f3
- SSDEEP
  
  1536:7EXR4ByV1rkDtM6HaL9xN3XK5Xs14/PFDu1m3ROQg/SPbogqABA1pAbcz:meQAML9xN3XK5Xs14/PFDu1uROQg/SPI
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2