njrat | 8d4c9b97cae0f3c35ab9a5ffa7f1ab45f7c304fb0d7c517828fed0c2048f6d4a | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

241222-fn5w1avmek
MD5

3f3ae3a450723c80b1aaff419e0d1369
SHA1

bb3e89cde4dd9d29a688b25a0002163540555b6d
SHA256

8d4c9b97cae0f3c35ab9a5ffa7f1ab45f7c304fb0d7c517828fed0c2048f6d4a
SHA512

81cfe00bfb7ff567b66747937c37ee846ae8a672dd3be573b013bc431c2d7d9602f7c02f568a3c996cefc2f86ca9597bc64e9f615b3ef7aae45360e3d15f6aab
SSDEEP

768:QY33lgSRmnldjcRoMwrx7Y+DIkIITJbXX0pOt8ux82SXxrjEtCdnl2pi1Rz4Rk33:PlTmlbrq+1NTZ0OMjEwzGi1dDzDXgS

Score

10^/10

njrat loh discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

loh

C2

hakim32.ddns.net:2000

6.tcp.eu.ngrok.io:11237

Mutex

9a1d999f2150f6d33406593daec54346

Attributes

reg_key
9a1d999f2150f6d33406593daec54346
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  3f3ae3a450723c80b1aaff419e0d1369
- SHA1
  
  bb3e89cde4dd9d29a688b25a0002163540555b6d
- SHA256
  
  8d4c9b97cae0f3c35ab9a5ffa7f1ab45f7c304fb0d7c517828fed0c2048f6d4a
- SHA512
  
  81cfe00bfb7ff567b66747937c37ee846ae8a672dd3be573b013bc431c2d7d9602f7c02f568a3c996cefc2f86ca9597bc64e9f615b3ef7aae45360e3d15f6aab
- SSDEEP
  
  768:QY33lgSRmnldjcRoMwrx7Y+DIkIITJbXX0pOt8ux82SXxrjEtCdnl2pi1Rz4Rk33:PlTmlbrq+1NTZ0OMjEwzGi1dDzDXgS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation