njrat | af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e | Triage

Sharing

General

Target

af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
Size

34KB
Sample

240419-v1mzaaaf37
MD5

67d7c2625c89f6217f7d588c04dca69d
SHA1

c0ca3427565d686cc7d06ef577815dd4bf037eaa
SHA256

af20d219cb1b2a55aa52637195a6f797f6fb980148735c54e5598c224d32307e
SHA512

7ae568bd0350b6fd3e0ec3b6440c3bd4b9f6a45a3fe9160cb5a1c9e0d041c9caf8bb44accc0b69786127936f6380e0fd848f4c2759f1563abd46c038a20c4bfc
SSDEEP

768:XO34EqdUffHhALQU4ug9ZRg0IeP0hVO92tSfJ:XOIEAUffH2B4T9gZo92to

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:18595

Mutex

919094467c31347c7137dd444837fdc3

Attributes

reg_key
919094467c31347c7137dd444837fdc3
splitter
|'|'|

Targets

- Target
  
  5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e.exe
- Size
  
  93KB
- MD5
  
  627d146f44e901aa1bcd48effb3b788f
- SHA1
  
  8964f3c422dc04d0e71c7fe8439df4da708eeb3b
- SHA256
  
  5b45188cebe24c4309d3d884cb92bc5d9466e9dd8fa57f670b0008931e18562e
- SHA512
  
  91c3cb47d136166b11fd64c5efad4ce063197ea42de19dc74c9b557e82ec7b8f15b9dace70891259abd27d0775b8efccf089f34f44586350d383268568ae12c5
- SSDEEP
  
  768:lY31Um/o9eUVTsZ4E+rLDPQmJ/ewL54lLdJXn5513Sr2YxgXxrjEtCdnl2pi1RzC:yUeoZp/eM4LvFSrdqjEwzGi1dDcD/gS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2