njrat | f00081238b88a0a933dacc79d5406097918cc91454a6045a3b77cd47f825eea8 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

231212-wdj5jsahg3
MD5

6ecaeda97e71ca06c16f1de261bde554
SHA1

03900cc265f0341aa2c46814166f03c15ed7575d
SHA256

f00081238b88a0a933dacc79d5406097918cc91454a6045a3b77cd47f825eea8
SHA512

fe81c0ca76f61f6afae805ffcb3e3c2b4c5e9a3554a1918b607a48e3535adb5ff1cd9d864a7d5666023cbac0a30458a57f809295789d2c48817646bae3077b8a
SSDEEP

768:3Y3D2QtCTpPchQRza90g5rxPXijj2TAuC4qu2XxrjEtCdnl2pi1Rz4Rk3hsGdpk3:S2CC9dzaGwrVJOzjEwzGi1dDxDkgS

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

5.tcp.eu.ngrok.io:11220

Mutex

3e4126f7efc072b5d006dec011e350d2

Attributes

reg_key
3e4126f7efc072b5d006dec011e350d2
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  6ecaeda97e71ca06c16f1de261bde554
- SHA1
  
  03900cc265f0341aa2c46814166f03c15ed7575d
- SHA256
  
  f00081238b88a0a933dacc79d5406097918cc91454a6045a3b77cd47f825eea8
- SHA512
  
  fe81c0ca76f61f6afae805ffcb3e3c2b4c5e9a3554a1918b607a48e3535adb5ff1cd9d864a7d5666023cbac0a30458a57f809295789d2c48817646bae3077b8a
- SSDEEP
  
  768:3Y3D2QtCTpPchQRza90g5rxPXijj2TAuC4qu2XxrjEtCdnl2pi1Rz4Rk3hsGdpk3:S2CC9dzaGwrVJOzjEwzGi1dDxDkgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3