njrat | 6365bfab0c3f51ed16222655d8d4f8c9eecd113ed8840eaf094fc724da37421f | Triage

Sharing

General

Target

143b5d2c002c8d0dd24097cf20f790d0.exe
Size

93KB
Sample

231209-hw34gsggd4
MD5

143b5d2c002c8d0dd24097cf20f790d0
SHA1

c9eef9e55f8028e7c946f604ea1a19fb75c62544
SHA256

6365bfab0c3f51ed16222655d8d4f8c9eecd113ed8840eaf094fc724da37421f
SHA512

6b290328e3e54475d676f631ae0bb89421ab43ceb96135ad16274c5210337d9eb94d6385d3ebabee348500baf842794c399c5f105a16ea719b2b75eec6113819
SSDEEP

1536:txwC+xhUa9urgOBPmNvM4jEwzGi1dD1DhgS:txmUa9urgOkdGi1d5e

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:15713

Mutex

ade7ccccf9fb4b66977379c0a093a7be

Attributes

reg_key
ade7ccccf9fb4b66977379c0a093a7be
splitter
|'|'|

Targets

- Target
  
  143b5d2c002c8d0dd24097cf20f790d0.exe
- Size
  
  93KB
- MD5
  
  143b5d2c002c8d0dd24097cf20f790d0
- SHA1
  
  c9eef9e55f8028e7c946f604ea1a19fb75c62544
- SHA256
  
  6365bfab0c3f51ed16222655d8d4f8c9eecd113ed8840eaf094fc724da37421f
- SHA512
  
  6b290328e3e54475d676f631ae0bb89421ab43ceb96135ad16274c5210337d9eb94d6385d3ebabee348500baf842794c399c5f105a16ea719b2b75eec6113819
- SSDEEP
  
  1536:txwC+xhUa9urgOBPmNvM4jEwzGi1dD1DhgS:txmUa9urgOkdGi1d5e
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2