njrat | 9dd52b40a3ae0a4247054f3472ef35f93c0575d064e6b9acbbc5f327bfa7f9fb | Triage

Sharing

General

Target

9dd52b40a3ae0a4247054f3472ef35f93c0575d064e6b9acbbc5f327bfa7f9fb
Size

34KB
Sample

240419-wxy3tabg38
MD5

8bcf723b79d848e84c6f4900fe5efe06
SHA1

e7da6ccf0623d995fcd78b5b6c6df96786b78549
SHA256

9dd52b40a3ae0a4247054f3472ef35f93c0575d064e6b9acbbc5f327bfa7f9fb
SHA512

cc127c748a3cc80bcb50e9c3739665b352da4f922b02e2879f96e5a243b30010c0bfef0cf80c157e461b3052771ad7ef4198e62669504424767c57cf219433ee
SSDEEP

768:ATTHqAij2ccYNuubAPZAMaVMeC49xX7uipUAlZ1:i1iC0ufPX7arlpUAD1

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

svr1.mcsvr.online:27339

Mutex

83f035c7891be2d12e8a2b5de2568b9f

Attributes

reg_key
83f035c7891be2d12e8a2b5de2568b9f
splitter
|'|'|

Targets

- Target
  
  045d53361953bf6e24021d351ed7ae482a13253cdec4f4dfdcb2e724c6bf9ac6
- Size
  
  93KB
- MD5
  
  b9d76e539eab834fb0a366f78a0f1a5f
- SHA1
  
  1063b6d3c9857bf4b884ce0ab5a4faedab84b31a
- SHA256
  
  045d53361953bf6e24021d351ed7ae482a13253cdec4f4dfdcb2e724c6bf9ac6
- SHA512
  
  d91077cdd568dc17a455d34f2c6075ec453b648422bb4ca0afd20b36e64de98f1aabe0866f813e1c6ed6ac16b73c208af4f9615651592c1074960438e095e08c
- SSDEEP
  
  1536:YlwC+xhUa9urgOBPRNvM4jEwzGi1dDxDggS:YlmUa9urgObdGi1d1J
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2