njrat | afb052f7e558c4ef31dd87120f2639eac0b9621388d10db6be9118e3b52b1452 | Triage

Sharing

General

Target

0406846f16234e81d64d3b6c5e74eb00_NeikiAnalytics.exe
Size

23KB
Sample

240603-z8eebsae88
MD5

0406846f16234e81d64d3b6c5e74eb00
SHA1

68348aed236d1f90ce197022dd484a40358ff16f
SHA256

afb052f7e558c4ef31dd87120f2639eac0b9621388d10db6be9118e3b52b1452
SHA512

38dedf3370c2d873c99c35c47949148edbb0ea0466611151afeb219e09cd797510e10d9b34fb09c892cdd4a1341fe2b41fe51195d20d2c40606b3e538f2f7320
SSDEEP

384:5c6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZzI:re9EJLN/yRpcnuj

Score

10^/10

njrat neuf microsoft phishing

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

C2

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes

reg_key
e1a87040f2026369a233f9ae76301b7b
splitter
|'|'|

Targets

- Target
  
  0406846f16234e81d64d3b6c5e74eb00_NeikiAnalytics.exe
- Size
  
  23KB
- MD5
  
  0406846f16234e81d64d3b6c5e74eb00
- SHA1
  
  68348aed236d1f90ce197022dd484a40358ff16f
- SHA256
  
  afb052f7e558c4ef31dd87120f2639eac0b9621388d10db6be9118e3b52b1452
- SHA512
  
  38dedf3370c2d873c99c35c47949148edbb0ea0466611151afeb219e09cd797510e10d9b34fb09c892cdd4a1341fe2b41fe51195d20d2c40606b3e538f2f7320
- SSDEEP
  
  384:5c6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZzI:re9EJLN/yRpcnuj
Score

5^/10

microsoft phishing
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

microsoftphishing