njrat | a5dc8f26c798e69286e119ec60820fc93ce1feb5946534b32f57e44ca4fd4d77 | Triage

Sharing

General

Target

a5dc8f26c798e69286e119ec60820fc93ce1feb5946534b32f57e44ca4fd4d77
Size

12KB
Sample

240419-wx7pysbg48
MD5

faa51de536a95d421c8ff881ee20382e
SHA1

fdf5a29681bb2c7ff4997a55a52f34c91a1b8826
SHA256

a5dc8f26c798e69286e119ec60820fc93ce1feb5946534b32f57e44ca4fd4d77
SHA512

098fa3b18e56f68d78351154ca3cee58607a309bb23fdcb1845479c010456648cd670dd120855d54551493d86c685f7679344b4165e81a4b485ec7cd8f2af207
SSDEEP

384:8c0yGxiEOmV03Pdqeh+aZ/f2yY/qVKxsBDZWPUYFgv+WIQ:8ryG/md0gvUxsBDZWsX2O

Score

10^/10

njrat webmail

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

WEBMAIL

C2

2525.libya2020.com.ly:2525

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  cf3fa450ee6a5df68a822168aa6b8abc408aa99291bfe2f38fe756e7e2483a5f
- Size
  
  27KB
- MD5
  
  d87ef56e588ba84a34bc2cae569388ec
- SHA1
  
  df03df1dab6c6341674ffa90656682f3264cc55f
- SHA256
  
  cf3fa450ee6a5df68a822168aa6b8abc408aa99291bfe2f38fe756e7e2483a5f
- SHA512
  
  94292dc96be58af5ef1532755fef3419a881641c2891d9b5e57d9072a007dffb1b7ee6d25ee7de217f69beefa7490bab4dabb1745207dfbcfce193af00f5b706
- SSDEEP
  
  384:pLv9oLXeA03/l7rEN4wuqP9BR3MpAQk93vmhm7UMKmIEecKdbXTzm9bVhcaY6RrZ:ZFcubSCpA/vMHTi9bD
Score

7^/10
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2