njrat | 4ab6bea1ec09fdb63490036d754206d66b5ed12d2242519e0b24e41ed07a6c89 | Triage

Sharing

General

Target

Kaspersky.exe
Size

93KB
Sample

250329-nkzvksstgs
MD5

ab54e6c36ce4c5f741468fad657919e5
SHA1

39c0e66f651549f517b87bf1b8932f8e91dbeb23
SHA256

4ab6bea1ec09fdb63490036d754206d66b5ed12d2242519e0b24e41ed07a6c89
SHA512

a65052fbaa1f13d7d0fe1afb21b3921eaf4b2504170d6834b59165cb1636221d02bd16df81a972a2eb12c9238362a93be08541224da6b01efc4480610a10b4cc
SSDEEP

768:zY37g530YTXspgM0m2zGjpyDtdXWuDtXfLWh2XxrjEtCdnl2pi1Rz4Rk3ssGdpH3:agZ0AA0mT1mrWgLljEwzGi1dDkDHgS

Score

10^/10

njrat pupsik defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pupsik

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:18053

Mutex

0c4b3e15737b6964ecad2024f0474129

Attributes

reg_key
0c4b3e15737b6964ecad2024f0474129
splitter
|'|'|

Targets

- Target
  
  Kaspersky.exe
- Size
  
  93KB
- MD5
  
  ab54e6c36ce4c5f741468fad657919e5
- SHA1
  
  39c0e66f651549f517b87bf1b8932f8e91dbeb23
- SHA256
  
  4ab6bea1ec09fdb63490036d754206d66b5ed12d2242519e0b24e41ed07a6c89
- SHA512
  
  a65052fbaa1f13d7d0fe1afb21b3921eaf4b2504170d6834b59165cb1636221d02bd16df81a972a2eb12c9238362a93be08541224da6b01efc4480610a10b4cc
- SSDEEP
  
  768:zY37g530YTXspgM0m2zGjpyDtdXWuDtXfLWh2XxrjEtCdnl2pi1Rz4Rk3ssGdpH3:agZ0AA0mT1mrWgLljEwzGi1dDkDHgS
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation