njrat | 96a793550c288f00f404379fd88305b002888d92cf22e1f43403834fbfb00766 | Triage

Sharing

General

Target

Payload.exe
Size

27KB
Sample

250212-nqfc5azkdy
MD5

628ef0056068bfdc1e004ee627cd092a
SHA1

b9a3d7a954935d43f7f847d5ebcc98f6c0622b3c
SHA256

96a793550c288f00f404379fd88305b002888d92cf22e1f43403834fbfb00766
SHA512

14e0ec5b502bdc546c3eeb672b86af276a9f31547fe7e58b5b1a2b1e95562af6144b3d8294d3b14d9b4b7cc889ce9618fa3f5fad6ff684341b5c3ddf2ac371a8
SSDEEP

384:kLM2J1dJFKnO4YLJ5zeZsL4E7O4/ChZGPjdx4kMtAQk93vmhm7UMKmIEecKdbXTG:ynJFPleeHUtA/vMHTi9bD

Score

10^/10

njrat hacked discovery persistence

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

paul-nw.gl.at.ply.gg:51413

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Payload.exe
- Size
  
  27KB
- MD5
  
  628ef0056068bfdc1e004ee627cd092a
- SHA1
  
  b9a3d7a954935d43f7f847d5ebcc98f6c0622b3c
- SHA256
  
  96a793550c288f00f404379fd88305b002888d92cf22e1f43403834fbfb00766
- SHA512
  
  14e0ec5b502bdc546c3eeb672b86af276a9f31547fe7e58b5b1a2b1e95562af6144b3d8294d3b14d9b4b7cc889ce9618fa3f5fad6ff684341b5c3ddf2ac371a8
- SSDEEP
  
  384:kLM2J1dJFKnO4YLJ5zeZsL4E7O4/ChZGPjdx4kMtAQk93vmhm7UMKmIEecKdbXTG:ynJFPleeHUtA/vMHTi9bD
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence