njrat | 7c99d4dd852cb64361568024969ddc188672ec6ad3cf998ded8332e670a73edc | Triage

Sharing

General

Target

7c99d4dd852cb64361568024969ddc188672ec6ad3cf998ded8332e670a73edcN
Size

37KB
Sample

240917-x1tsyazglm
MD5

729791dc375db3eac600887441235070
SHA1

0f0230cb294a5fbd7be193790107a46efe6f47ab
SHA256

7c99d4dd852cb64361568024969ddc188672ec6ad3cf998ded8332e670a73edc
SHA512

8e2030507f85559db3df5668d7a57f72c43509e602503510dd64108c9db8407b07635bd502582cac55b5a462f8f7126cbafc0b5043108af246e35e4da386a35a
SSDEEP

384:CmOsrUiS6L1G5k2gyk/8If5e/QUZSiKrAF+rMRTyN/0L+EcoinblneHQM3epzXIZ:Msz32bk/8IQYUZStrM+rMRa8NuKLt

Score

10^/10

njrat farter discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

farter

C2

0.tcp.eu.ngrok.io:10472

Mutex

6b90c9f607e615fb2ec10658187bc2eb

Attributes

reg_key
6b90c9f607e615fb2ec10658187bc2eb
splitter
|'|'|

Targets

- Target
  
  7c99d4dd852cb64361568024969ddc188672ec6ad3cf998ded8332e670a73edcN
- Size
  
  37KB
- MD5
  
  729791dc375db3eac600887441235070
- SHA1
  
  0f0230cb294a5fbd7be193790107a46efe6f47ab
- SHA256
  
  7c99d4dd852cb64361568024969ddc188672ec6ad3cf998ded8332e670a73edc
- SHA512
  
  8e2030507f85559db3df5668d7a57f72c43509e602503510dd64108c9db8407b07635bd502582cac55b5a462f8f7126cbafc0b5043108af246e35e4da386a35a
- SSDEEP
  
  384:CmOsrUiS6L1G5k2gyk/8If5e/QUZSiKrAF+rMRTyN/0L+EcoinblneHQM3epzXIZ:Msz32bk/8IQYUZStrM+rMRa8NuKLt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation