njrat | a5ea2ffe9edc8e65949ee701afb850605c5114e92974af29e75878d6215c0854 | Triage

Sharing

General

Target

a5ea2ffe9edc8e65949ee701afb850605c5114e92974af29e75878d6215c0854.exe
Size

37KB
Sample

240123-bvjj5aefbr
MD5

dd2868653dcd162b503269dbfe5345e4
SHA1

bd01c28753e06885bb90a673665355eafa6ba172
SHA256

a5ea2ffe9edc8e65949ee701afb850605c5114e92974af29e75878d6215c0854
SHA512

0313c6274d80ba6b35b777d385280cafa4c56695eb76966b1b9e19fa9844c75cff14854a41b3e2f6609c4632ef9dca5e8579ddc8a4b2edfd9041844647ede15d
SSDEEP

384:XKjoUiFebK7FmpE8QyEfuifpefHCwSrAF+rMRTyN/0L+EcoinblneHQM3epzXxNa:at2n8LEfuiAvCzrM+rMRa8Nurot

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:1221

Mutex

6c4657f091172f6663b7ef007c04889c

Attributes

reg_key
6c4657f091172f6663b7ef007c04889c
splitter
|'|'|

Targets

- Target
  
  a5ea2ffe9edc8e65949ee701afb850605c5114e92974af29e75878d6215c0854.exe
- Size
  
  37KB
- MD5
  
  dd2868653dcd162b503269dbfe5345e4
- SHA1
  
  bd01c28753e06885bb90a673665355eafa6ba172
- SHA256
  
  a5ea2ffe9edc8e65949ee701afb850605c5114e92974af29e75878d6215c0854
- SHA512
  
  0313c6274d80ba6b35b777d385280cafa4c56695eb76966b1b9e19fa9844c75cff14854a41b3e2f6609c4632ef9dca5e8579ddc8a4b2edfd9041844647ede15d
- SSDEEP
  
  384:XKjoUiFebK7FmpE8QyEfuifpefHCwSrAF+rMRTyN/0L+EcoinblneHQM3epzXxNa:at2n8LEfuiAvCzrM+rMRa8Nurot
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2