njrat | 3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285 | Triage

Sharing

General

Target

Ratka.exe
Size

37KB
Sample

240612-gwf4aasfkh
MD5

f82ab1b6c91dbfc8a1fc643f3c10922b
SHA1

5088dc1515bf6cedfbea693bdf0d897e25345775
SHA256

3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285
SHA512

def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e
SSDEEP

384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11331

Mutex

166eee41ae0e0f4544d895f9671505cf

Attributes

reg_key
166eee41ae0e0f4544d895f9671505cf
splitter
|'|'|

Targets

- Target
  
  Ratka.exe
- Size
  
  37KB
- MD5
  
  f82ab1b6c91dbfc8a1fc643f3c10922b
- SHA1
  
  5088dc1515bf6cedfbea693bdf0d897e25345775
- SHA256
  
  3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285
- SHA512
  
  def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e
- SSDEEP
  
  384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2