njrat | 14f609646adc449fbb8f358e7aefcdc343468d82bb913dcd4d50cbb01c6b3312 | Triage

Sharing

General

Target

14f609646adc449fbb8f358e7aefcdc343468d82bb913dcd4d50cbb01c6b3312
Size

16KB
Sample

240419-wf6fkaca41
MD5

fbc0a2e7d8e8cac1fa4867748eecf3ca
SHA1

91c655584e6393e74a831b461747beea55eb496c
SHA256

14f609646adc449fbb8f358e7aefcdc343468d82bb913dcd4d50cbb01c6b3312
SHA512

daf7cf9ab1ed35e1de42cabe247efca5b6ff386c13fb9bed943cfb964b0e8db9a6c73cf19a03fac763ba4ae7bd7b49a801768236b11ebf36384b285979fada3b
SSDEEP

384:Mqt+1YOaoxMpbFymPCxr3u2hwW3xchvYUTshTnG+ObnbrQRsLojif:MqtyYzrrjq13u2hwcxevpYNG+YM2Eif

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:15451

Mutex

1026a75483502437f7df6cd87292f363

Attributes

reg_key
1026a75483502437f7df6cd87292f363
splitter
|'|'|

Targets

- Target
  
  55445ef6261ed803ea65e9cb491d50a6884903f8301da5ca1b9449dad4de8612.exe
- Size
  
  37KB
- MD5
  
  bb540ca02e338d2a4a86785776f780c5
- SHA1
  
  347a77103e27f5c463948d88870b0ba48045e3bf
- SHA256
  
  55445ef6261ed803ea65e9cb491d50a6884903f8301da5ca1b9449dad4de8612
- SHA512
  
  8de7a6c1d416f7ec9151f31341c8dc77676f8379c1183223699a852dbf30cc6cfd168c6f057b8016fda5998bd6600f21e176cb6f4f95343fbb034e1b007e52af
- SSDEEP
  
  384:TemOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM9:T4FdGdkrgYRwWS9rM+rMRa8Nu6tt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2