njrat | cee57b33d9a14bfa7d99377f01de76e84866d56502b0a39ba864f23694361f99 | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

240424-xy4v5aff7t
MD5

c421a92b2889871191d33a8a04d97ce0
SHA1

39931c2c83520838c6ae48f5f3d178b8dcdda453
SHA256

cee57b33d9a14bfa7d99377f01de76e84866d56502b0a39ba864f23694361f99
SHA512

848c6e28d70a1196378944ca06f12d7dd18c8b1591035271bb21d25f028b98fb70a49c63b14f578c806230095836345bb8ac37ba6c2477455c430774b9c6bfbf
SSDEEP

768:ykcNwMslUV0bwO/+i8airM+rMRa8Nu3Qt:yH0lU6x+ixd+gRJNU

Score

10^/10

njrat ctfmon evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ctfmon

C2

4.tcp.eu.ngrok.io:12138

Mutex

c75d7fe7b676826b38271224a9b87371

Attributes

reg_key
c75d7fe7b676826b38271224a9b87371
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  c421a92b2889871191d33a8a04d97ce0
- SHA1
  
  39931c2c83520838c6ae48f5f3d178b8dcdda453
- SHA256
  
  cee57b33d9a14bfa7d99377f01de76e84866d56502b0a39ba864f23694361f99
- SHA512
  
  848c6e28d70a1196378944ca06f12d7dd18c8b1591035271bb21d25f028b98fb70a49c63b14f578c806230095836345bb8ac37ba6c2477455c430774b9c6bfbf
- SSDEEP
  
  768:ykcNwMslUV0bwO/+i8airM+rMRa8Nu3Qt:yH0lU6x+ixd+gRJNU
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2