Overview

overview

10

Static

static

10

private1.exe

windows7-x64

8

private1.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    private1.rar

  • Size

    16KB

  • Sample

    250102-sz7wyswqgw

  • MD5

    d361d80c0772dfa50d31bedb7585f98d

  • SHA1

    f404fbbafc75bc6f233f13955939853864f0da05

  • SHA256

    28472daaf17796bf3578a08211d74c246ad23b8fc3aeee6f2bf97793eed6424c

  • SHA512

    0e607b657678f487b41238768d560add2bde3e17ec6a7a4849a523bcb4a3a97f792f80f2052d8e311732deaa580340e34a5cbe4c9c156def93bc66c615df4793

  • SSDEEP

    384:tU6Z9b5M15nHt6LEotk51Q2se9AlwmF293wj1XzkqJ+Kwd:tj99MTwLLkEe9CM3wj1XhQK6

Score
10/10
njratsysyem32discoveryevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

sysyem32

C2

95.182.14.203:7777

Mutex

983d369cb23bd8bc71a9b6f7dca85165

Attributes
  • reg_key

    983d369cb23bd8bc71a9b6f7dca85165

  • splitter

    |'|'|

Targets

    • Target

      private1.exe

    • Size

      37KB

    • MD5

      cd4db83a43d07e5e947bec896f7fdf41

    • SHA1

      8c788d7bb0139164e84556a84f365fd9743233ce

    • SHA256

      acd71e404bc78050b49f052230f570afdf1063420619663e8848187c3444ce2f

    • SHA512

      66933df632a9a1eb16825bdb1d8d584cf94b1787b4dd96008256909aee75ab17e0ca6452d7a5253b8c8cc3491f79281bde481c9010672fc0240bf5bcab81ac6b

    • SSDEEP

      384:6cx97uxgibbjpPu7w9qyMTytrXXWsBsIDzCrAF+rMRTyN/0L+EcoinblneHQM3eJ:lCNN9ZMTytrWKsIyrM+rMRa8NuDvt

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks