njrat | 7c51a525e1e83ee71f025dbb1b88c5f5da9562871cd7bff35820b6f85c28639b | Triage

Sharing

General

Target

Sigma.exe
Size

93KB
Sample

250114-1vhehatjfn
MD5

3226340028efb7e4b25afb92071989a7
SHA1

3594f73dc428e035b5c7a2cbb47a7d98944f6ea5
SHA256

7c51a525e1e83ee71f025dbb1b88c5f5da9562871cd7bff35820b6f85c28639b
SHA512

cc13efaaba5b2a1a927f1585948b974e5232a71989db42b546c9e2a200a4c8f6b1f251e5cf6f6247aae60b45e3851521f83df2ececbeeea04adbf7dde49dde0c
SSDEEP

1536:TVwC+xhUa9urgOBPRNvM4jEwzGi1dDQDigS:TVmUa9urgObdGi1dmH

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

hi-tin.gl.at.ply.gg:14413

Mutex

c3c667c3fe95cc8cd92cf2c9b856ba2c

Attributes

reg_key
c3c667c3fe95cc8cd92cf2c9b856ba2c
splitter
|'|'|

Targets

- Target
  
  Sigma.exe
- Size
  
  93KB
- MD5
  
  3226340028efb7e4b25afb92071989a7
- SHA1
  
  3594f73dc428e035b5c7a2cbb47a7d98944f6ea5
- SHA256
  
  7c51a525e1e83ee71f025dbb1b88c5f5da9562871cd7bff35820b6f85c28639b
- SHA512
  
  cc13efaaba5b2a1a927f1585948b974e5232a71989db42b546c9e2a200a4c8f6b1f251e5cf6f6247aae60b45e3851521f83df2ececbeeea04adbf7dde49dde0c
- SSDEEP
  
  1536:TVwC+xhUa9urgOBPRNvM4jEwzGi1dDQDigS:TVmUa9urgObdGi1dmH
Score

8^/10

discovery evasion persistence privilege_escalation
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation