njrat | cf9d4ea03b78e714309ae2f55d416bb7bdacccac19cef39b9fc1fb7b4218dae8 | Triage

Sharing

General

Target

PROTECTOR FREEE V2.0.exe
Size

935KB
Sample

241022-ymkhsa1dnc
MD5

67aeb6a710e8a683cf7e6d71e2a9fb08
SHA1

d48b94c93c08d83271775f436ae1007a3f98cfd0
SHA256

cf9d4ea03b78e714309ae2f55d416bb7bdacccac19cef39b9fc1fb7b4218dae8
SHA512

26c6c4d26b0b10c35605b93fb31d635c1bc51034c93ab99b8e9f33dc3fea038060ed083e71eda7a476798b5649f35cfa2d57e1a60c959ec18c43a315efc4910f
SSDEEP

24576:pdGDyyUEuzp/rnemeg9Hm8b0tHZWTkQ4:5nMQMK0XD/

Score

10^/10

njrat xworm تم الاختراق بواسطه احمد السيسي discovery evasion persistence privilege_escalation rat trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

تم الاختراق بواسطه احمد السيسي

C2

hakim32.ddns.net:2000

yyorqqp.ddns.net:4444

Mutex

dc8e2dde5f4470426aa15187e5670a34

Attributes

reg_key
dc8e2dde5f4470426aa15187e5670a34
splitter
|'|'|

Extracted

Family

xworm

Version

5.0

C2

yyorqqp.ddns.net:8888

Mutex

dXDhpVyLJZXEOquV

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  PROTECTOR FREEE V2.0.exe
- Size
  
  935KB
- MD5
  
  67aeb6a710e8a683cf7e6d71e2a9fb08
- SHA1
  
  d48b94c93c08d83271775f436ae1007a3f98cfd0
- SHA256
  
  cf9d4ea03b78e714309ae2f55d416bb7bdacccac19cef39b9fc1fb7b4218dae8
- SHA512
  
  26c6c4d26b0b10c35605b93fb31d635c1bc51034c93ab99b8e9f33dc3fea038060ed083e71eda7a476798b5649f35cfa2d57e1a60c959ec18c43a315efc4910f
- SSDEEP
  
  24576:pdGDyyUEuzp/rnemeg9Hm8b0tHZWTkQ4:5nMQMK0XD/
Score

10^/10

njrat xworm تم الاختراق بواسطه احمد السيسي discovery evasion persistence privilege_escalation rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratxwormتم الاختراق بواسطه احمد السيسيdiscoveryevasionpersistenceprivilege_escalationrattrojan