njrat | 93f5fa4893007b17277433e909b9c8a3cd668cabf3cfa7642c3ca180e769a657 | Triage

Sharing

General

Target

22379be846f2856c90a47fda13776e5b.exe
Size

37KB
Sample

231205-akfvtage66
MD5

22379be846f2856c90a47fda13776e5b
SHA1

1562ca8e25002572bfa3debb2166186fc6c15757
SHA256

93f5fa4893007b17277433e909b9c8a3cd668cabf3cfa7642c3ca180e769a657
SHA512

f19476e614d50ec1c01aa29c6b7681af47f2a0a57a55a8c19f9e53ba907f8c324b669f475780b3507dd849195d358680c72a5f980684a021097b8cd3fc5b8dde
SSDEEP

384:SQmOq0IiejvCVLO309QmykrtG+dA+VCwvOSifrAF+rMRTyN/0L+EcoinblneHQMX:SGLdGdkrgYUwWS0rM+rMRa8NuNmt

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:11520

Mutex

7e8db224079647731226aa79dc3dc99b

Attributes

reg_key
7e8db224079647731226aa79dc3dc99b
splitter
|'|'|

Targets

- Target
  
  22379be846f2856c90a47fda13776e5b.exe
- Size
  
  37KB
- MD5
  
  22379be846f2856c90a47fda13776e5b
- SHA1
  
  1562ca8e25002572bfa3debb2166186fc6c15757
- SHA256
  
  93f5fa4893007b17277433e909b9c8a3cd668cabf3cfa7642c3ca180e769a657
- SHA512
  
  f19476e614d50ec1c01aa29c6b7681af47f2a0a57a55a8c19f9e53ba907f8c324b669f475780b3507dd849195d358680c72a5f980684a021097b8cd3fc5b8dde
- SSDEEP
  
  384:SQmOq0IiejvCVLO309QmykrtG+dA+VCwvOSifrAF+rMRTyN/0L+EcoinblneHQMX:SGLdGdkrgYUwWS0rM+rMRa8NuNmt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2