njrat | cbb6191e4f764b4c676bbc409eb96bd2a6513159381d65a0991d00a88093ded5 | Triage

Sharing

General

Target

cbb6191e4f764b4c676bbc409eb96bd2a6513159381d65a0991d00a88093ded5
Size

16KB
Sample

240419-vapeesae41
MD5

b90574cc1f18b9c3a6bae72f07d1e11f
SHA1

346b4fec933be37322a32fec6f75104d26c689d1
SHA256

cbb6191e4f764b4c676bbc409eb96bd2a6513159381d65a0991d00a88093ded5
SHA512

7c3bc83e7149237fb30d3174407df7f458ec2af544d6a77b808031e375b1e7a64fb4a69aed77b7ec60d8ad0c423b869dd9e495843cea7d05c9768ed2c658f707
SSDEEP

384:B5xhrb9JWt7anF94tVg4uN0YKTbSPgMzKqip:zzrJkB294tVbuKYKqPgMzKtp

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11544

Mutex

afec9fcd48a46dedc429cd119e0e18b4

Attributes

reg_key
afec9fcd48a46dedc429cd119e0e18b4
splitter
|'|'|

Targets

- Target
  
  5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137.exe
- Size
  
  37KB
- MD5
  
  b9aa83e4bb5dcf404a118a3499c180b4
- SHA1
  
  b6eb15c01e788b443c922e25306f9253a7007f7c
- SHA256
  
  5647e8f07e026ae7c27dd2ca1273b0cb6738547668b35cdcb47e27c7049c2137
- SHA512
  
  1b3c7c94ba6db0e7ddf3e3cbf0be336f06d9784adfd918e7bc59e29b4f98a33d87fce7df0b5841c0792c91b3e0d9fb261a7836be3856e8e16839052f44b5dd88
- SSDEEP
  
  384:qGOQiluhHeTnMGiyMT3KPRxjnW+hrAF+rMRTyN/0L+EcoinblneHQM3epzXoNrnL:jpSMGxMT3KfzW6rM+rMRa8Nuift
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2