njrat | 2a9eb7b0c040619387dcab44f7e040d88cd05712373dcec6bd855f283e89a981 | Triage

Sharing

General

Target

2a9eb7b0c040619387dcab44f7e040d88cd05712373dcec6bd855f283e89a981.exe
Size

37KB
Sample

240916-bf2gds1hmq
MD5

0286312da20e2e5aafc83cfd0b211aeb
SHA1

6d67059a536285ad0182ffebea8f714a785dc153
SHA256

2a9eb7b0c040619387dcab44f7e040d88cd05712373dcec6bd855f283e89a981
SHA512

6a1100a1d8996e2cbbe354a2a8193ac54336509c1991266f9d1e03f9ab83fdd7c61df692413465a731e5badcb00f8f86e39ee48d5f6ed832c356dfaa63f87e37
SSDEEP

384:KmlIIiutjtD+P3V+y0bnu7ytflgs+SiwrAF+rMRTyN/0L+EcoinblneHQM3epzXM:bPmV10bnu7ytCVSbrM+rMRa8Nujmt

Score

10^/10

njrat farter discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

farter

C2

0.tcp.eu.ngrok.io:10472

Mutex

6b90c9f607e615fb2ec10658187bc2eb

Attributes

reg_key
6b90c9f607e615fb2ec10658187bc2eb
splitter
|'|'|

Targets

- Target
  
  2a9eb7b0c040619387dcab44f7e040d88cd05712373dcec6bd855f283e89a981.exe
- Size
  
  37KB
- MD5
  
  0286312da20e2e5aafc83cfd0b211aeb
- SHA1
  
  6d67059a536285ad0182ffebea8f714a785dc153
- SHA256
  
  2a9eb7b0c040619387dcab44f7e040d88cd05712373dcec6bd855f283e89a981
- SHA512
  
  6a1100a1d8996e2cbbe354a2a8193ac54336509c1991266f9d1e03f9ab83fdd7c61df692413465a731e5badcb00f8f86e39ee48d5f6ed832c356dfaa63f87e37
- SSDEEP
  
  384:KmlIIiutjtD+P3V+y0bnu7ytflgs+SiwrAF+rMRTyN/0L+EcoinblneHQM3epzXM:bPmV10bnu7ytCVSbrM+rMRa8Nujmt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation