njrat | 90f099c2038ea56847b5b41f68cd96c43463af2976106fe094c4befd62a644ab | Triage

Sharing

General

Target

gamesense.exe
Size

93KB
Sample

240418-vd492sba8s
MD5

63901be7c78d601cf4683b0bf7076674
SHA1

a1e8a41ad2d1a3103bb74e59152b5b4cac4a745c
SHA256

90f099c2038ea56847b5b41f68cd96c43463af2976106fe094c4befd62a644ab
SHA512

eefa4a121d67fae8d62ef147c5f05b979fd84f0d248ea8a521a9a6fbabdd18654f62406cc5cd39ae45f94ec5ef7cc98fdfaa405c955a98357c457cfebfa8f200
SSDEEP

1536:9IQO3oH4zrEDR6P4z4jEwzGi1dDHDrgS:9IeH4vEDMAzJi1dnk

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:1488

Mutex

1f198e2e527a1b5c423cf558af5689df

Attributes

reg_key
1f198e2e527a1b5c423cf558af5689df
splitter
|'|'|

Targets

- Target
  
  gamesense.exe
- Size
  
  93KB
- MD5
  
  63901be7c78d601cf4683b0bf7076674
- SHA1
  
  a1e8a41ad2d1a3103bb74e59152b5b4cac4a745c
- SHA256
  
  90f099c2038ea56847b5b41f68cd96c43463af2976106fe094c4befd62a644ab
- SHA512
  
  eefa4a121d67fae8d62ef147c5f05b979fd84f0d248ea8a521a9a6fbabdd18654f62406cc5cd39ae45f94ec5ef7cc98fdfaa405c955a98357c457cfebfa8f200
- SSDEEP
  
  1536:9IQO3oH4zrEDR6P4z4jEwzGi1dDHDrgS:9IeH4vEDMAzJi1dnk
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3