njrat | e921cdca9fc9fa7a5da432eb961b6a00d5604eca01f9333fa9a309ec92574789 | Triage

Sharing

General

Target

e921cdca9fc9fa7a5da432eb961b6a00d5604eca01f9333fa9a309ec92574789
Size

63KB
Sample

241008-epcq6syall
MD5

421fe0f04a1c158dcc74a22412497c40
SHA1

4fe2f57ad4abf329a77cc2fd9d8ace336d29bbaf
SHA256

e921cdca9fc9fa7a5da432eb961b6a00d5604eca01f9333fa9a309ec92574789
SHA512

c2248f0a61697e44aa7378c4518b3d1389ad3b1a644df8c053a526aea1b2138ce32b9c73542be09d5730b5f50bb40b8830e4d9545c57173d618d8f13ca4f0bf0
SSDEEP

1536:yHMfnYi9brhD7yHAaJtI+9CfU5JtNNMcvVzR2y:ys/Yi9brRuHjvJNMc9F2y

Score

10^/10

njrat hacked discovery

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

ole.cloudns.ph:5439

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  e921cdca9fc9fa7a5da432eb961b6a00d5604eca01f9333fa9a309ec92574789
- Size
  
  63KB
- MD5
  
  421fe0f04a1c158dcc74a22412497c40
- SHA1
  
  4fe2f57ad4abf329a77cc2fd9d8ace336d29bbaf
- SHA256
  
  e921cdca9fc9fa7a5da432eb961b6a00d5604eca01f9333fa9a309ec92574789
- SHA512
  
  c2248f0a61697e44aa7378c4518b3d1389ad3b1a644df8c053a526aea1b2138ce32b9c73542be09d5730b5f50bb40b8830e4d9545c57173d618d8f13ca4f0bf0
- SSDEEP
  
  1536:yHMfnYi9brhD7yHAaJtI+9CfU5JtNNMcvVzR2y:ys/Yi9brRuHjvJNMc9F2y
Score

7^/10

discovery
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2