njrat | 096fb9885d983bd9d2190ce312517caa75fcbfd44236fca51d6e23609240086d | Triage

Resubmissions

02-04-2023 01:46

230402-b7efyaea46 10

02-04-2023 01:25

230402-bs432sfc2z 10

Sharing

General

Target

Loader.exe
Size

27KB
Sample

230402-b7efyaea46
MD5

a765b141758f0ec10521afa80e041f68
SHA1

9417433c49c7ff3a5cba76d46b5e551203e8afbe
SHA256

096fb9885d983bd9d2190ce312517caa75fcbfd44236fca51d6e23609240086d
SHA512

9519a9d63b175392119f5553ff6d9cd76d8d145fc0070e252225a429a6238d89a7e6190548376a85eb162af6d4d0e376740ee05f2244cc760ffe0d045d8d86d8
SSDEEP

384:eLw6lnw3m4Afp1UDMoC2PDdVlMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcaCh6frZ:IwyBPqqVA/vMHTi9bDC

Score

10^/10

njrat hacked ransomware

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

Hacked

C2

display-trade.at.ply.gg:25685

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Loader.exe
- Size
  
  27KB
- MD5
  
  a765b141758f0ec10521afa80e041f68
- SHA1
  
  9417433c49c7ff3a5cba76d46b5e551203e8afbe
- SHA256
  
  096fb9885d983bd9d2190ce312517caa75fcbfd44236fca51d6e23609240086d
- SHA512
  
  9519a9d63b175392119f5553ff6d9cd76d8d145fc0070e252225a429a6238d89a7e6190548376a85eb162af6d4d0e376740ee05f2244cc760ffe0d045d8d86d8
- SSDEEP
  
  384:eLw6lnw3m4Afp1UDMoC2PDdVlMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcaCh6frZ:IwyBPqqVA/vMHTi9bDC
Score

7^/10

ransomware
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1