njrat | bdb0c2cf98c13f063d41e320bc1d80a5daa09caaadfecaa2aca93f5baa4c412e | Triage

Sharing

General

Target

bdb0c2cf98c13f063d41e320bc1d80a5daa09caaadfecaa2aca93f5baa4c412e
Size

93KB
Sample

241012-cn3j4axckf
MD5

59cd9659af3f42a3fbd71a01816c5b96
SHA1

105e5854ca6e1a1576f59795819d93cb71a46bcc
SHA256

bdb0c2cf98c13f063d41e320bc1d80a5daa09caaadfecaa2aca93f5baa4c412e
SHA512

b21ac1a08d88f5aed04666e864ad269130c00b1d2fa65b92c90476b2dd1774653f1bca2ca86515e3b9ceb3c0cff4181ca13161a546b8022f2619781512903736
SSDEEP

768:DY3nOJhWXxyFcxovUKUJuROprXtgN8eYhYbmXxrjEtCdnl2pi1Rz4Rk3msGdp7gM:yO3WhIUKcuOJXPhBjEwzGi1dDiD7gS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

o-customize.gl.at.ply.gg:14532

Mutex

71bcb94721c7e5c877ad58584988060f

Attributes

reg_key
71bcb94721c7e5c877ad58584988060f
splitter
|'|'|

Targets

- Target
  
  bdb0c2cf98c13f063d41e320bc1d80a5daa09caaadfecaa2aca93f5baa4c412e
- Size
  
  93KB
- MD5
  
  59cd9659af3f42a3fbd71a01816c5b96
- SHA1
  
  105e5854ca6e1a1576f59795819d93cb71a46bcc
- SHA256
  
  bdb0c2cf98c13f063d41e320bc1d80a5daa09caaadfecaa2aca93f5baa4c412e
- SHA512
  
  b21ac1a08d88f5aed04666e864ad269130c00b1d2fa65b92c90476b2dd1774653f1bca2ca86515e3b9ceb3c0cff4181ca13161a546b8022f2619781512903736
- SSDEEP
  
  768:DY3nOJhWXxyFcxovUKUJuROprXtgN8eYhYbmXxrjEtCdnl2pi1Rz4Rk3msGdp7gM:yO3WhIUKcuOJXPhBjEwzGi1dDiD7gS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation