njrat | 6fc5cf3fc04fa48f0052d3725ce6cc0b75a7d61e26bef113ee92b07c1dabc333 | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

250118-wk9zjs1lcl
MD5

a404f1c74d62aa8505286bac745f65e8
SHA1

583ec4674c5025734afc2e9f1981222797ea94d2
SHA256

6fc5cf3fc04fa48f0052d3725ce6cc0b75a7d61e26bef113ee92b07c1dabc333
SHA512

b6614f28ad19f3ebc68cba5da50cf7b30d5676798fca15ee8a112741adcf5c950ef5aa0f4ee17d2783d9f044cfdccc41988b1a6ece3f20073644b953929f835f
SSDEEP

384:d36Nb7LsikZ9zNf/1uyU71evdjsOaP4rAF+rMRTyN/0L+EcoinblneHQM3epzXhb:ENf4l1lU71e9FagrM+rMRa8Nu+6t

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

black-associates.gl.at.ply.gg:40091

Mutex

37a1466afd082705c8e8913a15b7adae

Attributes

reg_key
37a1466afd082705c8e8913a15b7adae
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  a404f1c74d62aa8505286bac745f65e8
- SHA1
  
  583ec4674c5025734afc2e9f1981222797ea94d2
- SHA256
  
  6fc5cf3fc04fa48f0052d3725ce6cc0b75a7d61e26bef113ee92b07c1dabc333
- SHA512
  
  b6614f28ad19f3ebc68cba5da50cf7b30d5676798fca15ee8a112741adcf5c950ef5aa0f4ee17d2783d9f044cfdccc41988b1a6ece3f20073644b953929f835f
- SSDEEP
  
  384:d36Nb7LsikZ9zNf/1uyU71evdjsOaP4rAF+rMRTyN/0L+EcoinblneHQM3epzXhb:ENf4l1lU71e9FagrM+rMRa8Nu+6t
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation