njrat | fea34176704339dadce1e7592bd2b1594d22fbf0d574f61517d590bfc0276595 | Triage

Sharing

General

Target

AimWare Crack.rar
Size

31KB
Sample

240918-xxybysyfqm
MD5

cd31fccb36a5e08d4c0e0455263bdce8
SHA1

467184e14024b9ed8f2e4118a34f0cc9fa22ccdb
SHA256

fea34176704339dadce1e7592bd2b1594d22fbf0d574f61517d590bfc0276595
SHA512

06f2e42274f3d8390e4ffe59a879a2f195e7d5ae4676b93ffd65eb5655b5fe7bfe938c8123938c244861c9deea7e667e618288e055a1349d6afe3381ab7d7419
SSDEEP

768:KPuTpQrPMiPF33c9x+SGQlxyu5nSYchyf0ZFjd:KPulQr0uF34+OnhnSYz6Fx

Score

10^/10

njrat aimware discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

AimWare

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

879a49ac7651a7ba7626e2acae177521

Attributes

reg_key
879a49ac7651a7ba7626e2acae177521
splitter
|'|'|

Targets

- Target
  
  AimWare Crack/AimWare.exe
- Size
  
  93KB
- MD5
  
  abc13201f23ec06c8ed617e503569aa5
- SHA1
  
  22e03e82b23939e67fd76452d36d93910f8f9bb4
- SHA256
  
  775ad89dc1d9f9d79706b57676912fa01d018038e7f2d2923ccddf3f5b954bc1
- SHA512
  
  ae76fea38c87ae2d0a97fe9db654c72f8102da63fc396a6ebdaa95773ffe7189629d75e4426e389611b1dcb53c3de9c19d4b9b64acc305d3fbdc8f3b4f476bb5
- SSDEEP
  
  768:eY3EUfhWXxyFcxovUKUJuROprXtWNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3DsGdp2gM:uU5WhIUKcuOJ2PhBjEwzGi1dDvD2gS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation