njrat | 595bc6807aef650248673de47f893de57e24c36c67886623c04751b1ef034244 | Triage

Sharing

General

Target

595bc6807aef650248673de47f893de57e24c36c67886623c04751b1ef034244
Size

16KB
Sample

240419-v8emwaah63
MD5

c3c49626b1b1e3ae09b24ba8077f66e9
SHA1

afc6d6154e6bd210a5dbc17702e2b88427e88f21
SHA256

595bc6807aef650248673de47f893de57e24c36c67886623c04751b1ef034244
SHA512

1ac7aff3f60f39952756ff3f03d617dc362e228058405dd5d75c79e8772598bcf2262a3447b79b5d1c363b134317ece414adb56bc227ee4a7edfe1d9e39c425a
SSDEEP

384:YsmL3TNVeC8/tZ0rVOZUaDR4YYZWPDDjFv9P2YfDtgzXjjd1b1E:YPL3Tm75PR1bFvs7PzRE

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:14627

Mutex

679cab003fd3fda88d5f3ca577e0a266

Attributes

reg_key
679cab003fd3fda88d5f3ca577e0a266
splitter
|'|'|

Targets

- Target
  
  e0de83c02f5ea3c96dcdfa8c304c1bc97563e128c96813834f8146cbdc6b01b0.exe
- Size
  
  37KB
- MD5
  
  804a24c7c5f4edceb2f379b83bd07a11
- SHA1
  
  6440269c59d21155743cdbc8dc14f73b80e36c51
- SHA256
  
  e0de83c02f5ea3c96dcdfa8c304c1bc97563e128c96813834f8146cbdc6b01b0
- SHA512
  
  675cd0e51d9bf87c93203d0f7f12cd3c3a4d288e4fb934e1184c89a4b225a415b533c51ee5b877529e7818836ef7d682f62adf2c7e5c34319efaf6179a55c9cf
- SSDEEP
  
  384:Ghg+vEiTbZvpWNcZ0y8f1CRDX5CLk6SiUrAF+rMRTyN/0L+EcoinblneHQM3epzO:j+dTZ38f1CRDcNSHrM+rMRa8Numzt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2