njrat | b7fb6652fda82e69307406c273b8eb32dd98ebb94c0a70226a036fb64642c0ed | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

240514-f7tcbach22
MD5

752a64fd1751db27d457d86d46317505
SHA1

261d30209383a21c6728c22024bf431bd1f398cd
SHA256

b7fb6652fda82e69307406c273b8eb32dd98ebb94c0a70226a036fb64642c0ed
SHA512

61be7e274dd2f0c5906bc2af827c4f93fb83272060e9fad49ac9cfb5df8673863d4f8b3d5c98fc4c938e7753811c72078e2fd0e77b11c2c8eae25a3b6c39decb
SSDEEP

384:vexqiU354NLHdayszyknI3XBsBsIjCrAF+rMRTyN/0L+EcoinblneHQM3epzXPNb:2lZdJszyknIhKsI2rM+rMRa8Nu5oAt

Score

10^/10

njrat hacked by zgurt evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed By ZguRt

C2

1337xx.ddns.net:8888

Mutex

fc1996ad83850009cf195ff31b4d0720

Attributes

reg_key
fc1996ad83850009cf195ff31b4d0720
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  752a64fd1751db27d457d86d46317505
- SHA1
  
  261d30209383a21c6728c22024bf431bd1f398cd
- SHA256
  
  b7fb6652fda82e69307406c273b8eb32dd98ebb94c0a70226a036fb64642c0ed
- SHA512
  
  61be7e274dd2f0c5906bc2af827c4f93fb83272060e9fad49ac9cfb5df8673863d4f8b3d5c98fc4c938e7753811c72078e2fd0e77b11c2c8eae25a3b6c39decb
- SSDEEP
  
  384:vexqiU354NLHdayszyknI3XBsBsIjCrAF+rMRTyN/0L+EcoinblneHQM3epzXPNb:2lZdJszyknIhKsI2rM+rMRa8Nu5oAt
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hacked by zgurtnjrat

behavioral1

evasionpersistence