njrat | dbba3358f6bf08f6f40711574c76905b471a1a08259396f6b80ee63d06fc8951 | Triage

Sharing

General

Target

5841a8a95e05d58a.exe
Size

93KB
Sample

240420-rkm3kaad49
MD5

c28c57588077a93983f6d4cbaa30a130
SHA1

61013fe2450fee9b928e016590bb92bef17359ca
SHA256

dbba3358f6bf08f6f40711574c76905b471a1a08259396f6b80ee63d06fc8951
SHA512

30fe3adb906ac5f08073162a92f0985b946cdb71bdfcdb28f50cdebdf37a702bff42c2af928afc148801301350b68a8bd3afe85208f89f3f10ae262aa12df474
SSDEEP

768:9Y3oZU3nWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3OsGdpx:3UXWhIUKcuOJRpPhBjEwzGi1dDqDhgS

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

pro123.ddns.net:161

Mutex

0bd34f575986b2731a655919cd7081f4

Attributes

reg_key
0bd34f575986b2731a655919cd7081f4
splitter
|'|'|

Targets

- Target
  
  5841a8a95e05d58a.exe
- Size
  
  93KB
- MD5
  
  c28c57588077a93983f6d4cbaa30a130
- SHA1
  
  61013fe2450fee9b928e016590bb92bef17359ca
- SHA256
  
  dbba3358f6bf08f6f40711574c76905b471a1a08259396f6b80ee63d06fc8951
- SHA512
  
  30fe3adb906ac5f08073162a92f0985b946cdb71bdfcdb28f50cdebdf37a702bff42c2af928afc148801301350b68a8bd3afe85208f89f3f10ae262aa12df474
- SSDEEP
  
  768:9Y3oZU3nWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3OsGdpx:3UXWhIUKcuOJRpPhBjEwzGi1dDqDhgS
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1