njrat | c439bf3c8288d9f0f195c93454e57a7b88b40bcc44f142c5b706ed964f7f7a0e | Triage

Sharing

General

Target

Payload.exe
Size

27KB
Sample

241213-qmjx9azkev
MD5

437d9e5a9e3f9514361bc0dcd073c15e
SHA1

9b14cdc29af32f62d9025656e837cfe5f64d6959
SHA256

c439bf3c8288d9f0f195c93454e57a7b88b40bcc44f142c5b706ed964f7f7a0e
SHA512

b7583bb3289cfd241d97ec997bb85757c24731654b0fa58fdf5166e7466548e9b1e7c23645681fe161d89f9d1dd579bd961a60e72c5dd5543453edf4c895932f
SSDEEP

384:dLw1FWP0CDZwnXmIQXUj90jEwmFterkSuldsP3NBa6Ml7AQk93vmhm7UMKmIEec8:NJRoCol7A/vMHTi9bD

Score

10^/10

njrat hacked discovery

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

who-begun.gl.at.ply.gg:23727

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Payload.exe
- Size
  
  27KB
- MD5
  
  437d9e5a9e3f9514361bc0dcd073c15e
- SHA1
  
  9b14cdc29af32f62d9025656e837cfe5f64d6959
- SHA256
  
  c439bf3c8288d9f0f195c93454e57a7b88b40bcc44f142c5b706ed964f7f7a0e
- SHA512
  
  b7583bb3289cfd241d97ec997bb85757c24731654b0fa58fdf5166e7466548e9b1e7c23645681fe161d89f9d1dd579bd961a60e72c5dd5543453edf4c895932f
- SSDEEP
  
  384:dLw1FWP0CDZwnXmIQXUj90jEwmFterkSuldsP3NBa6Ml7AQk93vmhm7UMKmIEec8:NJRoCol7A/vMHTi9bD
Score

7^/10

discovery
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2