njrat | 37b738b858489999cad233e5527d50833cd7bd16b184eacc347670b98c76feff | Triage

Sharing

General

Target

DarkLoader.exe
Size

53KB
Sample

240526-3vhflsge71
MD5

464f4201b6e847f3685e83503c8934af
SHA1

7ce3d09cb4387a831c3073b251a70eb0771f1f17
SHA256

37b738b858489999cad233e5527d50833cd7bd16b184eacc347670b98c76feff
SHA512

d0681734e235b08d8d70b79cd1cac1da22196450f0e69f74749633542c559ee9f6ff85908202bd9a05ced0e1e62790a9fcb7e24802d288a58ceab39f2ed4a91f
SSDEEP

768:5S7TZ38fvCv3E1cQrM+rMRa8Nu/itiHT:5uTZsHCv3Ear+gRJNU5

Score

10^/10

njrat hacked evasion persistence

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:10092

Mutex

adf4d2e3ce93b6a85f5bba50f2082510

Attributes

reg_key
adf4d2e3ce93b6a85f5bba50f2082510
splitter
|'|'|

Targets

- Target
  
  DarkLoader.exe
- Size
  
  53KB
- MD5
  
  464f4201b6e847f3685e83503c8934af
- SHA1
  
  7ce3d09cb4387a831c3073b251a70eb0771f1f17
- SHA256
  
  37b738b858489999cad233e5527d50833cd7bd16b184eacc347670b98c76feff
- SHA512
  
  d0681734e235b08d8d70b79cd1cac1da22196450f0e69f74749633542c559ee9f6ff85908202bd9a05ced0e1e62790a9fcb7e24802d288a58ceab39f2ed4a91f
- SSDEEP
  
  768:5S7TZ38fvCv3E1cQrM+rMRa8Nu/itiHT:5uTZsHCv3Ear+gRJNU5
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence