njrat | 9602f83035fa0fc4f0929df8755e017ce949e4709abc1c752d47815d134de701 | Triage

Sharing

General

Target

e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.zip
Size

17KB
Sample

241104-vct3patbmh
MD5

01f049dce79b42601b81471acb63a754
SHA1

07fef947d4373e9e0fdb2da79cfa70bc9b0e5456
SHA256

9602f83035fa0fc4f0929df8755e017ce949e4709abc1c752d47815d134de701
SHA512

f85d6c9ec985b213f9bb8f024d56a8f910cdea01dc614ec35fac7147992b59afd08e7c2b0f8028257786964e90d0867c6f447250554c5f7cfba8fdd167a31d25
SSDEEP

384:hYM/xUaWZCUeXtF9g62vmjpL0ZIIeZTPfW+lXerwyGqkNNfAIPa04NJYC:hYIxwdedyvvI320yeNNNPaRJYC

Score

10^/10

njrat 12335452 discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

12335452

C2

5.tcp.eu.ngrok.io:19026:6735

Mutex

43f790e6cbf1ad7d860172b021a05925

Attributes

reg_key
43f790e6cbf1ad7d860172b021a05925
splitter
|'|'|

Targets

- Target
  
  e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.exe
- Size
  
  37KB
- MD5
  
  bcddf14b096307edfbfdc92384539645
- SHA1
  
  a5770520db5a464a2d1ec5fb9033391942ddf04c
- SHA256
  
  e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8
- SHA512
  
  18745ad93c7508bd025854edc346ced5069f078420a9874f27f16bc3eb0f0ec507b669799893bf79bfbf0635d139354686fbc8bde429574f6190a6897257b97b
- SSDEEP
  
  384:Uwxb7LsikZ9zNf/1uyU71evdjsOafMrAF+rMRTyN/0L+EcoinblneHQM3epzXCYx:Xxf4l1lU71e9FakrM+rMRa8NusYTt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation