njrat | 9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956 | Triage

Sharing

General

Target

9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
Size

34KB
Sample

240419-wnrx5sbd78
MD5

686300db909689cb9eee92895f722f08
SHA1

1469ce0c609c266ab6bff8289d0d2c5f066fbf9a
SHA256

9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
SHA512

646943c438c9e2ebfe8817df6e46a09b2a30eabc9070a6a7980af4544c27a655550317d4537846ee1fceeace95ce6b214c2d9dbe54cd74641f074bdf9b5cc731
SSDEEP

768:Pgz4uJSQF6iCaqFcGiD74NEiAPWBNywoc9sHTLFs56BcPJpe:Po4uwk76EJPWHybcW/7Eo

Score

10^/10

njrat bb evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

bb

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:17888

Mutex

c86be61709b6b7df256fc75cd3352159

Attributes

reg_key
c86be61709b6b7df256fc75cd3352159
splitter
|'|'|

Targets

- Target
  
  9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe
- Size
  
  93KB
- MD5
  
  a0ab6069a6cfd81cf79191fe474c3f33
- SHA1
  
  63fd372f99c19671300b1e10e1656ac829a63374
- SHA256
  
  9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7
- SHA512
  
  5731c5a0e5ae75eb03626cbd272dc60f5075ab9f14f16f23311729f822baf6c932e9f274a7754d63d8b601a4365cb365437b3f5cb403f299eae16fde7947fe02
- SSDEEP
  
  768:xY3oIU9jglPPMJI08+EyrERm9hX+Dl3A461mXxrjEtCdnl2pi1Rz4Rk3TsGdpSgM:mUZgdQ8+f4mXIA4tjEwzGi1dD/DSgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2