njrat | 81295b7e1d453fcb5e419e1ddcafd3ad5ed9b6dfe06a0ed1965abd5541e776ea | Triage

Sharing

General

Target

81295b7e1d453fcb5e419e1ddcafd3ad5ed9b6dfe06a0ed1965abd5541e776ea
Size

34KB
Sample

240419-wx25gacf2t
MD5

54df674a17c3347ffd06276e9c5b5ee2
SHA1

6528720668ef20eb3c30beebf5a3ceff46981fe6
SHA256

81295b7e1d453fcb5e419e1ddcafd3ad5ed9b6dfe06a0ed1965abd5541e776ea
SHA512

8aaba1c0496b7f2b025dac625e0c0a65d68eff2ccebf42c1b25277dcd5eeac88996adb8fa85b93176cd50bc0ac17f54ec22e2c6b3bbb2236efc6f6cb81081baf
SSDEEP

768:RlTFq2LSk9B8RWqAB1fW6zXkwFG3E6p4dRO:RlhqlnIxW6zXtGU6qRO

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

dhbgtfrhtg.hopto.org:4567

Mutex

82929df163dd650a038a0155ad90fc73

Attributes

reg_key
82929df163dd650a038a0155ad90fc73
splitter
|'|'|

Targets

- Target
  
  2adc80237470f1d07e1f8aade0b386cec89a358aee369956dbabf41bbe75fcea
- Size
  
  93KB
- MD5
  
  8a8904d76db00876469dae710d9e0aec
- SHA1
  
  56599d4cb032c2960fcf38aa6fa486187c3b9f57
- SHA256
  
  2adc80237470f1d07e1f8aade0b386cec89a358aee369956dbabf41bbe75fcea
- SHA512
  
  bbf45ad7d305e3f586ac805a3a2abb5b315954a8d8e4157344d1a83d562dfaacd432f58b5317b79e7fbcda0c5d80a337690101cf080b9c333b22d9df1e73ea33
- SSDEEP
  
  768:NY33UfhWXxyFcxovUKUJuROprXtWN8eYhYbmXxrjEtCdnl2pi1Rz4Rk3DsGdpegM:wU5WhIUKcuOJhPhBjEwzGi1dDPDegS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2