njrat | bf6c2b464574634375d7816633916412f8897bbe97c297104e5a74ce63b6b5c9 | Triage

Sharing

General

Target

dllhost.exe
Size

36KB
Sample

240425-y4swgseb5y
MD5

1c39ebe638963f41ce3ed83db9b4ce16
SHA1

67d888fc35a2dcb8626d956d7ae75fb3713a888b
SHA256

bf6c2b464574634375d7816633916412f8897bbe97c297104e5a74ce63b6b5c9
SHA512

478c251901cae448cb3e789b6c9301bbaa2c3c37fa3e2b6ec7d2dc639849365785afad9b0e558ce227ab46f641c93f69c1a458030a69872385342089db6fed46
SSDEEP

384:BQaiBcN6EKvHHNyAvNYW7Z55E+/BxK7DQYtDgtykYrihlxNm/oU3mvj1SD9SvLN0:B4qWHsAvNpK+5xKjKgkbCTaSp4LNhy

Score

10^/10

njrat 01-23-2024 evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

01-23-2024

C2

sknt6.ddns.net:4000

Mutex

0e3cb439688a34c86b6adbecb4d86758

Attributes

reg_key
0e3cb439688a34c86b6adbecb4d86758
splitter
|'|'|

Targets

- Target
  
  dllhost.exe
- Size
  
  36KB
- MD5
  
  1c39ebe638963f41ce3ed83db9b4ce16
- SHA1
  
  67d888fc35a2dcb8626d956d7ae75fb3713a888b
- SHA256
  
  bf6c2b464574634375d7816633916412f8897bbe97c297104e5a74ce63b6b5c9
- SHA512
  
  478c251901cae448cb3e789b6c9301bbaa2c3c37fa3e2b6ec7d2dc639849365785afad9b0e558ce227ab46f641c93f69c1a458030a69872385342089db6fed46
- SSDEEP
  
  384:BQaiBcN6EKvHHNyAvNYW7Z55E+/BxK7DQYtDgtykYrihlxNm/oU3mvj1SD9SvLN0:B4qWHsAvNpK+5xKjKgkbCTaSp4LNhy
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

01-23-2024njrat

behavioral1