njrat | 6eaa027edff4ad0f291eb3b3f10c7195c74baca318e76be0cbf99e04d7c5e149 | Triage

Sharing

General

Target

this malware sample is very nasty!.zip
Size

30KB
Sample

241203-gq87wasqev
MD5

2796b0c3b7b9e89da936dcdd5b82044a
SHA1

3fe69eca7c791bad0c0efce092b8dfee61726d92
SHA256

6eaa027edff4ad0f291eb3b3f10c7195c74baca318e76be0cbf99e04d7c5e149
SHA512

74c663cd0d8feb39ad3fa2ef64dba2fb42a51d7a19b7f1792c28427676b6d811f8ad8845b9e58627272d9aa067ca1c7bd90e473d2ff59c6aa32941d7472abd63
SSDEEP

768:1leukZ33ZyFoXfokoh9wWb0kl5aXW8YFWQ0t0MYZ:TnSZhQkK9w+5eYbvZZ

Score

10^/10

njrat hacked discovery

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

8.tcp.ngrok.io:10489

Mutex

d7fee67e410cfbc876590bf5c06c5f19

Attributes

reg_key
d7fee67e410cfbc876590bf5c06c5f19
splitter
|'|'|

Targets

- Target
  
  d59c7ccf805724c5a8704e0ed9e457bfe33b61e150d646c1da2703e30c22da9e.exe
- Size
  
  52KB
- MD5
  
  1a4ac0f78511c028b51e0b302b080946
- SHA1
  
  cf5d9e076aabb18759dfeabf59f4328f3fe30088
- SHA256
  
  d59c7ccf805724c5a8704e0ed9e457bfe33b61e150d646c1da2703e30c22da9e
- SHA512
  
  c38e8742bdfc93aa4b6ffc4789e4e1b844c276bc61eff07729df70781d30ad9f2aab2b2d0290235d828bc556be996f53ded0441440c93b1249abc6e03c855bbf
- SSDEEP
  
  768:PKXTZ38f7CTv8FwKrM+rMRa8NujBtUmQGPL4vzZq2o9W7GsxBbPr:PiTZsTCTv8u1+gRJNA49GCq2iW7z
Score

3^/10

discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4