njrat | f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832 | Triage

Sharing

General

Target

99958775545abef31b666b51d150fe13_JaffaCakes118
Size

37KB
Sample

240606-alaeesce4w
MD5

99958775545abef31b666b51d150fe13
SHA1

f023f69f9dea93f96f519e6afa0ffc61502f735d
SHA256

f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
SHA512

3028da32486d25b7fa0900dbe48f3e2bdfe5795e06b0b39ae905bef9d6e248bb9b1b03bbdd33b1addec68e5e3bae3f78a6c98f78206012f33871d8ae3b7f24ec
SSDEEP

384:HOLM+2giHF1XJvubMcKyMTqsHveTX5ii4rAF+rMRTyN/0L+EcoinblneHQM3epzs:uLMBTxJc5MTqs2z5iPrM+rMRa8Numpt

Score

10^/10

njrat 122223 evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

122223

C2

89.46.100.217:6666

Mutex

12c4e4affcda9791909db863ed954b5c

Attributes

reg_key
12c4e4affcda9791909db863ed954b5c
splitter
|'|'|

Targets

- Target
  
  99958775545abef31b666b51d150fe13_JaffaCakes118
- Size
  
  37KB
- MD5
  
  99958775545abef31b666b51d150fe13
- SHA1
  
  f023f69f9dea93f96f519e6afa0ffc61502f735d
- SHA256
  
  f8b6231f52280b80a4841056725ee74b1cdccf2da96a46c8e9c6c79ecb6f7832
- SHA512
  
  3028da32486d25b7fa0900dbe48f3e2bdfe5795e06b0b39ae905bef9d6e248bb9b1b03bbdd33b1addec68e5e3bae3f78a6c98f78206012f33871d8ae3b7f24ec
- SSDEEP
  
  384:HOLM+2giHF1XJvubMcKyMTqsHveTX5ii4rAF+rMRTyN/0L+EcoinblneHQM3epzs:uLMBTxJc5MTqs2z5iPrM+rMRa8Numpt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2