njrat | cf0b586b8bb3a236f839c3bef887406591bd95fdbef7d9cb2ad99fc127557833 | Triage

Sharing

General

Target

Enigma.exe
Size

93KB
Sample

241111-brcbmsymb1
MD5

5a3fcabcbac79fd782d56cebf66cfcdf
SHA1

c65e6972ee7a04a4b485f657866038c56ca07811
SHA256

cf0b586b8bb3a236f839c3bef887406591bd95fdbef7d9cb2ad99fc127557833
SHA512

f679f54b27bcd326dcad7ba591ebc92d71dca9cc28f49b17200580a32c30127dfb241e8d67c79f5fbbab2bb5357ba5583a0b20a978938475f824ecc02167c634
SSDEEP

768:6Y3c9nD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3GsG9:a9xOx6baIa9ROj00ljEwzGi1dDiDZgS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

4e5d83e786e40074eef5a2bf33513b88

Attributes

reg_key
4e5d83e786e40074eef5a2bf33513b88
splitter
|'|'|

Targets

- Target
  
  Enigma.exe
- Size
  
  93KB
- MD5
  
  5a3fcabcbac79fd782d56cebf66cfcdf
- SHA1
  
  c65e6972ee7a04a4b485f657866038c56ca07811
- SHA256
  
  cf0b586b8bb3a236f839c3bef887406591bd95fdbef7d9cb2ad99fc127557833
- SHA512
  
  f679f54b27bcd326dcad7ba591ebc92d71dca9cc28f49b17200580a32c30127dfb241e8d67c79f5fbbab2bb5357ba5583a0b20a978938475f824ecc02167c634
- SSDEEP
  
  768:6Y3c9nD9O/pBcxYsbae6GIXb9pDX2t9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3GsG9:a9xOx6baIa9ROj00ljEwzGi1dDiDZgS
Score

8^/10

discovery evasion persistence privilege_escalation
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation