njrat | c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

250329-myb51a1zf1
MD5

be8230b1a5ba47dacb5b4d4f990f0da2
SHA1

1c44f6422cdf7117c69ab172625eee8d8a561159
SHA256

c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94
SHA512

26176c2277701fc6b2dd568cb7e9448a83ebfb4f4394469e24ed44511870b3d57e1cd6b6bbe8a305f2bebb7c701330a5be2e37b1f35c19055f43f640c879e402
SSDEEP

1536:NUwC+xhUa9urgOBPmNvMcjEwzGi1dDGDIgS:NUmUa9urgOkdCi1dYx

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

2.tcp.eu.ngrok.io:19281

Mutex

1611d7b8bf80b0aaf61e5b786e58a4b5

Attributes

reg_key
1611d7b8bf80b0aaf61e5b786e58a4b5
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  be8230b1a5ba47dacb5b4d4f990f0da2
- SHA1
  
  1c44f6422cdf7117c69ab172625eee8d8a561159
- SHA256
  
  c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94
- SHA512
  
  26176c2277701fc6b2dd568cb7e9448a83ebfb4f4394469e24ed44511870b3d57e1cd6b6bbe8a305f2bebb7c701330a5be2e37b1f35c19055f43f640c879e402
- SSDEEP
  
  1536:NUwC+xhUa9urgOBPmNvMcjEwzGi1dDGDIgS:NUmUa9urgOkdCi1dYx
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation