njrat | 698a1b8fc51154ac54399b1bcb548183b3db7be05a648a5ff39dc21b81b1fb89 | Triage

Sharing

General

Target

Serve2r.exe
Size

93KB
Sample

230628-3btdrscc51
MD5

8c3c8b1f0682af30d77807ab1bbf3e56
SHA1

e983bf9b69c60dfbf48704359591895978c2fc7c
SHA256

698a1b8fc51154ac54399b1bcb548183b3db7be05a648a5ff39dc21b81b1fb89
SHA512

00111056a6d51ad6b9e858dbda98996424c078e30d6ed9aed220690fa349406d1784986d66ae13ea78f467c3599f7a04af7c83fb354a0687c371fe17cb3b4917
SSDEEP

768:jY3ACUQy0lM7utchQmnroAgFDSXaaJ4oXbyXxrjEtCdnl2pi1Rz4Rk3JsGdp3gS7:6Ut0i1nroxFMeowjEwzGi1dD5D3gS

Score

10^/10

njrat victim evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Victim

C2

hakim32.ddns.net:2000

6543etfd2-59719.portmap.host:59719

Mutex

a49d7f19644e0bf88262c17f8f0e2bc9

Attributes

reg_key
a49d7f19644e0bf88262c17f8f0e2bc9
splitter
|'|'|

Targets

- Target
  
  Serve2r.exe
- Size
  
  93KB
- MD5
  
  8c3c8b1f0682af30d77807ab1bbf3e56
- SHA1
  
  e983bf9b69c60dfbf48704359591895978c2fc7c
- SHA256
  
  698a1b8fc51154ac54399b1bcb548183b3db7be05a648a5ff39dc21b81b1fb89
- SHA512
  
  00111056a6d51ad6b9e858dbda98996424c078e30d6ed9aed220690fa349406d1784986d66ae13ea78f467c3599f7a04af7c83fb354a0687c371fe17cb3b4917
- SSDEEP
  
  768:jY3ACUQy0lM7utchQmnroAgFDSXaaJ4oXbyXxrjEtCdnl2pi1Rz4Rk3JsGdp3gS7:6Ut0i1nroxFMeowjEwzGi1dD5D3gS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1