njrat | 39449ed5c7216f72854dd70892f232a9bf18d2fadfa11815241e945fe8b9f693 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

231207-pzxjfaag99
MD5

4df32b61307af55a1af2834da73b1ba8
SHA1

3b0d10a30541a44b379fc803eae7b517c4d8c49f
SHA256

39449ed5c7216f72854dd70892f232a9bf18d2fadfa11815241e945fe8b9f693
SHA512

14c8bb72a473f27018d438fd7377c5d05a31a35f5150446156721fadc15eba97fe69b6c65dd4de3982ca2628b09b3ef278e7c68a0ab153ec74698d60b15c4057
SSDEEP

768:VY3MUgSgmnldjcRoMwrx7Y+DIkIITJbXX0pOtqux82WXxrjEtCdnl2pi1Rz4Rk3F:DUumlbrq+1NTZCOojEwzGi1dDlDHgS

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

223.27.104.5:5552

Mutex

98b71bccbab23604ef3120fd714656d8

Attributes

reg_key
98b71bccbab23604ef3120fd714656d8
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  4df32b61307af55a1af2834da73b1ba8
- SHA1
  
  3b0d10a30541a44b379fc803eae7b517c4d8c49f
- SHA256
  
  39449ed5c7216f72854dd70892f232a9bf18d2fadfa11815241e945fe8b9f693
- SHA512
  
  14c8bb72a473f27018d438fd7377c5d05a31a35f5150446156721fadc15eba97fe69b6c65dd4de3982ca2628b09b3ef278e7c68a0ab153ec74698d60b15c4057
- SSDEEP
  
  768:VY3MUgSgmnldjcRoMwrx7Y+DIkIITJbXX0pOtqux82WXxrjEtCdnl2pi1Rz4Rk3F:DUumlbrq+1NTZCOojEwzGi1dDlDHgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2