Overview

overview

10

Static

static

10

NiptuneRAT...AT.exe

windows7-x64

1

NiptuneRAT...AT.exe

windows10-2004-x64

10

NiptuneRAT...oG.dll

windows7-x64

1

NiptuneRAT...oG.dll

windows10-2004-x64

1

NiptuneRAT...uJ.dll

windows7-x64

1

NiptuneRAT...uJ.dll

windows10-2004-x64

1

NiptuneRAT...Pn.exe

windows7-x64

10

NiptuneRAT...Pn.exe

windows10-2004-x64

10

NiptuneRAT...io.dll

windows7-x64

1

NiptuneRAT...io.dll

windows10-2004-x64

1

NiptuneRAT...LC.dll

windows7-x64

1

NiptuneRAT...LC.dll

windows10-2004-x64

1

NiptuneRAT...wp.dll

windows7-x64

1

NiptuneRAT...wp.dll

windows10-2004-x64

1

NiptuneRAT...uZ.dll

windows7-x64

1

NiptuneRAT...uZ.dll

windows10-2004-x64

1

NiptuneRAT...WP.dll

windows7-x64

1

NiptuneRAT...WP.dll

windows10-2004-x64

1

NiptuneRAT...Hs.dll

windows7-x64

1

NiptuneRAT...Hs.dll

windows10-2004-x64

1

NiptuneRAT...TS.dll

windows7-x64

1

NiptuneRAT...TS.dll

windows10-2004-x64

1

NiptuneRAT...ry.dll

windows7-x64

1

NiptuneRAT...ry.dll

windows10-2004-x64

1

NiptuneRAT...xj.dll

windows7-x64

1

NiptuneRAT...xj.dll

windows10-2004-x64

1

NiptuneRAT...ng.dll

windows7-x64

1

NiptuneRAT...ng.dll

windows10-2004-x64

1

NiptuneRAT....3.dll

windows7-x64

1

NiptuneRAT....3.dll

windows10-2004-x64

1

NiptuneRAT...on.dll

windows7-x64

1

NiptuneRAT...on.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    158s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 01:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NiptuneRAT-main/NiptuneRAT.exe

  • Size

    25.1MB

  • MD5

    6239058e48e0ff85e5d2b986fe55e46d

  • SHA1

    53ecbc7f6d571f94cfbf6b489f0efd562caef1d4

  • SHA256

    77f38316f69bf30036180f76cf2f31d8f456021a06b1bd2d3b185a295d69fac4

  • SHA512

    1d3fb64d902a14df7ef6da783d8e19bfea599bb1e36d675b2a8607bbe9d2be7d03ec444b64834d40f75518b9995537062a8181bb502a7ac027e3f4de95ec2988

  • SSDEEP

    393216:qL/F1jgHAMamfqdgVcJubC0T8L1bEZ+7Dcby9Yd/T:qPjLMamCWVI0T8L1VHHaL

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NiptuneRAT-main\NiptuneRAT.exe
    "C:\Users\Admin\AppData\Local\Temp\NiptuneRAT-main\NiptuneRAT.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4560
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4876

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4560-0-0x0000029E48D50000-0x0000029E4A67A000-memory.dmp

        Filesize

        25.2MB

        Download

      • memory/4560-1-0x00007FF82D320000-0x00007FF82DDE1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4560-2-0x0000029E64BD0000-0x0000029E64BE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4560-3-0x0000029E64BE0000-0x0000029E64E32000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4560-4-0x0000029E64F30000-0x0000029E65124000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4560-5-0x0000029E657A0000-0x0000029E658EE000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4560-6-0x0000029E658F0000-0x0000029E65904000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4560-7-0x0000029E64BD0000-0x0000029E64BE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4560-8-0x00007FF82D320000-0x00007FF82DDE1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4560-9-0x0000029E6EAC0000-0x0000029E6F0A8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/4560-10-0x0000029E64BD0000-0x0000029E64BE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4560-11-0x0000029E64BD0000-0x0000029E64BE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4560-12-0x0000029E6E2A0000-0x0000029E6E2AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4560-13-0x00007FF82D320000-0x00007FF82DDE1000-memory.dmp

        Filesize

        10.8MB

        Download