njrat | 4228fabb71ed6f2436f4eb67a6f2921f2854570c5ac179e9949a154ceb68d4c6 | Triage

Sharing

General

Target

9979cd8667b86a31147e0b04b5644cc0_NeikiAnalytics.exe
Size

28KB
Sample

240525-q2jk2aee6w
MD5

9979cd8667b86a31147e0b04b5644cc0
SHA1

d672fef0ed24d127ba54fc8b849fae1589a7e2f7
SHA256

4228fabb71ed6f2436f4eb67a6f2921f2854570c5ac179e9949a154ceb68d4c6
SHA512

244061a78495612836a6c9aa2b12c1f539f5cc24ab5aad936236358e3c4ef0a55a2326c732cf9be4c2850cc65a4a7b153ba99ffee17b8eab1c87a8e780e0003e
SSDEEP

384:PC2kDuwIlcHxiX9Y2UF4/RPY6bZyNeFlMfMLHm2Vo3O8TcdZcDMwScUievXeHEwK:rlwqyxiC4pPnF1mDeQcPNwSfUtSm

Score

10^/10

njrat cryter microsoft phishing

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Cryter

C2

amluOTg4*TYua3JvLmty:4444

Mutex

e773f562448816b894294964332a91e2

Attributes

reg_key
e773f562448816b894294964332a91e2
splitter
|'|'|

Targets

- Target
  
  9979cd8667b86a31147e0b04b5644cc0_NeikiAnalytics.exe
- Size
  
  28KB
- MD5
  
  9979cd8667b86a31147e0b04b5644cc0
- SHA1
  
  d672fef0ed24d127ba54fc8b849fae1589a7e2f7
- SHA256
  
  4228fabb71ed6f2436f4eb67a6f2921f2854570c5ac179e9949a154ceb68d4c6
- SHA512
  
  244061a78495612836a6c9aa2b12c1f539f5cc24ab5aad936236358e3c4ef0a55a2326c732cf9be4c2850cc65a4a7b153ba99ffee17b8eab1c87a8e780e0003e
- SSDEEP
  
  384:PC2kDuwIlcHxiX9Y2UF4/RPY6bZyNeFlMfMLHm2Vo3O8TcdZcDMwScUievXeHEwK:rlwqyxiC4pPnF1mDeQcPNwSfUtSm
Score

5^/10

microsoft phishing
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftphishing