njrat | b3ce84c47a7387ae000f417d4c593979712be1e150fb718595670a1c3b2aee5a | Triage

Sharing

General

Target

b3ce84c47a7387ae000f417d4c593979712be1e150fb718595670a1c3b2aee5a
Size

12KB
Sample

240419-wx64escf2y
MD5

ae9dff6bf8a8daffc7705f1baa90dc34
SHA1

c5ca14bf8060fe4ec871486658d3b2bd8969d9f8
SHA256

b3ce84c47a7387ae000f417d4c593979712be1e150fb718595670a1c3b2aee5a
SHA512

a58d1fedf9c1f34b290b52d77f8332d1d6acfc6e990f5a36e40262a02e52058231a99a029d26f29bbae3aa63fb660e820ee80d659cddd15d1cc7c9e9243f12e2
SSDEEP

192:ozO00BAsUjjRKa7J2ggXtXe9mjmeL4PkLTM2HbWprWymlQZOEp56PcS86Pee2MMv:ozOjMMUwZji+c9InlQUM5VILS

Score

10^/10

njrat xxxxxxx[1010]xxxxxx

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

XXXXXXX[1010]XXXXXX

C2

2525.libya2020.com.ly:2525

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  1e1c070a0f2d2545be43e14814124b18bb46f458fb7f66e51c6a6a426f8ad4da
- Size
  
  27KB
- MD5
  
  7e218eed1af2db84a75912df15723daf
- SHA1
  
  57ade91ca0b30cd87e0188699c03f122bc1533d1
- SHA256
  
  1e1c070a0f2d2545be43e14814124b18bb46f458fb7f66e51c6a6a426f8ad4da
- SHA512
  
  5c2ec03e8774aeec4f79604c472918b631ef0dcdc5e7618725ceb45390ad7c1316eb984705f129b8eaa65b3cba348afc1d1fa3900100a9e8e2f463364930a57d
- SSDEEP
  
  384:SLUr3KYeA0NCFgLENYQZgPaWmIjMJAQk93vmhm7UMKmIEecKdbXTzm9bVhcaz6V1:MmCxyYgJA/vMHTi9bD
Score

7^/10
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

xxxxxxx[1010]xxxxxxnjrat

behavioral1

behavioral2