njrat | 47de28622f56ea992236ed35d342d4582597aa5fdac1db3018c50d3730114863 | Triage

Sharing

General

Target

timetravel_196.exe
Size

37KB
Sample

241005-t9pnssxckn
MD5

c8991e62173876f9cc788cf2367cca03
SHA1

1406dd5d460aa57e9906e657b6d33100aff02af3
SHA256

47de28622f56ea992236ed35d342d4582597aa5fdac1db3018c50d3730114863
SHA512

1d552c09a59cd945a384443765f6f55ba1171dd3c4cf954ccd432524eb359c83b60ccecd2610d1028f0e1c7d80caf6c6bd5d732a8d5cf2f5a85ec922aae5ec43
SSDEEP

384:ED6rp7Lsik79zNf/1uyU77cPbxs2cPWrAF+rMRTyN/0L+EcoinblneHQM3epzX2j:hrRWl1lU77c1FcerM+rMRa8Nught

Score

10^/10

njrat timetravel discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

timetravel

C2

58.188.252.80:5552

Mutex

b4797398209f692b2214137fe4bbceb8

Attributes

reg_key
b4797398209f692b2214137fe4bbceb8
splitter
|'|'|

Targets

- Target
  
  timetravel_196.exe
- Size
  
  37KB
- MD5
  
  c8991e62173876f9cc788cf2367cca03
- SHA1
  
  1406dd5d460aa57e9906e657b6d33100aff02af3
- SHA256
  
  47de28622f56ea992236ed35d342d4582597aa5fdac1db3018c50d3730114863
- SHA512
  
  1d552c09a59cd945a384443765f6f55ba1171dd3c4cf954ccd432524eb359c83b60ccecd2610d1028f0e1c7d80caf6c6bd5d732a8d5cf2f5a85ec922aae5ec43
- SSDEEP
  
  384:ED6rp7Lsik79zNf/1uyU77cPbxs2cPWrAF+rMRTyN/0L+EcoinblneHQM3epzX2j:hrRWl1lU77c1FcerM+rMRa8Nught
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

timetravelnjrat

behavioral1

discoveryevasionpersistenceprivilege_escalation