njrat | d5e2d41c6766c1fcbd50768faf3b116efccb3bbcafda82fc8334f3a6265b4554 | Triage

Sharing

General

Target

d5e2d41c6766c1fcbd50768faf3b116efccb3bbcafda82fc8334f3a6265b4554N
Size

27KB
Sample

241001-shpdaawapn
MD5

dda8cf51441430d09a05f60039ad46b0
SHA1

7ece230455c7d2ed695a5037a76ceb1f03a928f7
SHA256

d5e2d41c6766c1fcbd50768faf3b116efccb3bbcafda82fc8334f3a6265b4554
SHA512

3005e93e7793103100969fc3ca47b5af49223cc53687e972257d6acec0b6f01103ca330ecf3d8054628bcfbbb96338518ecf48213b5a8b26bba269d8e7fa2983
SSDEEP

384:SLG9fLKCJ1G4APoWahxolxQmCYPPdR9MZAQk93vmhm7UMKmIEecKdbXTzm9bVhcj:MXUEIwxWZA/vMHTi9bD

Score

10^/10

njrat hacked discovery

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

broolan31.zapto.org:5439

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  d5e2d41c6766c1fcbd50768faf3b116efccb3bbcafda82fc8334f3a6265b4554N
- Size
  
  27KB
- MD5
  
  dda8cf51441430d09a05f60039ad46b0
- SHA1
  
  7ece230455c7d2ed695a5037a76ceb1f03a928f7
- SHA256
  
  d5e2d41c6766c1fcbd50768faf3b116efccb3bbcafda82fc8334f3a6265b4554
- SHA512
  
  3005e93e7793103100969fc3ca47b5af49223cc53687e972257d6acec0b6f01103ca330ecf3d8054628bcfbbb96338518ecf48213b5a8b26bba269d8e7fa2983
- SSDEEP
  
  384:SLG9fLKCJ1G4APoWahxolxQmCYPPdR9MZAQk93vmhm7UMKmIEecKdbXTzm9bVhcj:MXUEIwxWZA/vMHTi9bD
Score

7^/10

discovery
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2