njrat | 6d01f1bc81c4920bead56ce3190919a7b19ad36c76b35dd0f66f3d384b5db624 | Triage

Sharing

General

Target

Server.exe
Size

92KB
Sample

240521-wqh31sdf9z
MD5

f192a0fb4cc3538f3854897ccba51d77
SHA1

b5f4045ab4a938085b9737a0b8d6473125144050
SHA256

6d01f1bc81c4920bead56ce3190919a7b19ad36c76b35dd0f66f3d384b5db624
SHA512

de25fee4a39ae12c8e3c9a5b88cc3c73ac5719e34c0219471004fe342d76985c546e8c5b18c232760dba211ce369054593b2d8c7201acf8bb46b439862899415
SSDEEP

1536:13aSNZQCtuSZYYY0YI7FKq34KYvodudmR+rxylRJQrE9/u:13pZQC8SZYL0jBKqVuYmozJ8E92

Score

10^/10

njrat evasion

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Targets

- Target
  
  Server.exe
- Size
  
  92KB
- MD5
  
  f192a0fb4cc3538f3854897ccba51d77
- SHA1
  
  b5f4045ab4a938085b9737a0b8d6473125144050
- SHA256
  
  6d01f1bc81c4920bead56ce3190919a7b19ad36c76b35dd0f66f3d384b5db624
- SHA512
  
  de25fee4a39ae12c8e3c9a5b88cc3c73ac5719e34c0219471004fe342d76985c546e8c5b18c232760dba211ce369054593b2d8c7201acf8bb46b439862899415
- SSDEEP
  
  1536:13aSNZQCtuSZYYY0YI7FKq34KYvodudmR+rxylRJQrE9/u:13pZQC8SZYL0jBKqVuYmozJ8E92
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1