njrat | 517812b083f78e4dcbd3bedab82af12933434cc1bf46450ed30a8779ee6f0910 | Triage

Sharing

General

Target

517812b083f78e4dcbd3bedab82af12933434cc1bf46450ed30a8779ee6f0910.exe
Size

37KB
Sample

250305-c5k2dawpw2
MD5

a2e18c8f174fd0b8ece075fecc2f4762
SHA1

781de908b86088fcf8d8a461f072e15d1cdf2ad9
SHA256

517812b083f78e4dcbd3bedab82af12933434cc1bf46450ed30a8779ee6f0910
SHA512

971fe74d4451e69d8785d0d1462b18682b1f6d6baa2f9e58646dcd88ba91a422d8583dca24576b5f3537f5a3edc96a0ffe1ab3dccd450a372063471cd5dfa24d
SSDEEP

768:uy0ioEohT1CFU7NuKbMgrM+rMRa8NuB8t:kh1CKhuK47+gRJNW

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

e7245e54b736be5661548998e29eef92

Attributes

reg_key
e7245e54b736be5661548998e29eef92
splitter
|'|'|

Targets

- Target
  
  517812b083f78e4dcbd3bedab82af12933434cc1bf46450ed30a8779ee6f0910.exe
- Size
  
  37KB
- MD5
  
  a2e18c8f174fd0b8ece075fecc2f4762
- SHA1
  
  781de908b86088fcf8d8a461f072e15d1cdf2ad9
- SHA256
  
  517812b083f78e4dcbd3bedab82af12933434cc1bf46450ed30a8779ee6f0910
- SHA512
  
  971fe74d4451e69d8785d0d1462b18682b1f6d6baa2f9e58646dcd88ba91a422d8583dca24576b5f3537f5a3edc96a0ffe1ab3dccd450a372063471cd5dfa24d
- SSDEEP
  
  768:uy0ioEohT1CFU7NuKbMgrM+rMRa8NuB8t:kh1CKhuK47+gRJNW
Score

8^/10

discovery defense_evasion persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation