njrat | 8e88c8a473c2d082ae00f17b91fab13da4afc486683f05fc05e0345135244111 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

37KB
Sample

240308-lw9stada6z
MD5

382fd8795221fc9b2aae09df79fa3134
SHA1

006e4311614b330bf88e85a84a60da8ce56ea50e
SHA256

8e88c8a473c2d082ae00f17b91fab13da4afc486683f05fc05e0345135244111
SHA512

a787c258136c504cf2652dfd008298ced91d30936a02dd3c7392cade0d7b4b8dbdfe3c23c86af83746727ab6142ca69eb28232c0cb06f1600a1621191d9e8d93
SSDEEP

384:Y0SvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXT:bS7TZ38fvCv3E1c1rM+rMRa8Nu0Ot

Score

10^/10

njrat hacked evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.sa.ngrok.io:19606

Mutex

fb589e32676a2ae26b3ade722f2bfbb9

Attributes

reg_key
fb589e32676a2ae26b3ade722f2bfbb9
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  382fd8795221fc9b2aae09df79fa3134
- SHA1
  
  006e4311614b330bf88e85a84a60da8ce56ea50e
- SHA256
  
  8e88c8a473c2d082ae00f17b91fab13da4afc486683f05fc05e0345135244111
- SHA512
  
  a787c258136c504cf2652dfd008298ced91d30936a02dd3c7392cade0d7b4b8dbdfe3c23c86af83746727ab6142ca69eb28232c0cb06f1600a1621191d9e8d93
- SSDEEP
  
  384:Y0SvEiTbTvpWNcZ0y8fvCv3v3cLkacpjrAF+rMRTyN/0L+EcoinblneHQM3epzXT:bS7TZ38fvCv3E1c1rM+rMRa8Nu0Ot
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence