njrat | cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0 | Triage

Submit
Reports

Overview

overview

Static

static

Kaspersky.exe

windows10-2004-x64

9

Sharing

General

Target

Kaspersky.exe
Size

93KB
Sample

250329-pedktssyh1
MD5

3060fc299e17c7783df72a4e5f031f39
SHA1

2b1a867cf9dd435670d3c638974b4ad3c4a6ac87
SHA256

cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0
SHA512

490a2728a54d021e2834332b8a1cc37475486794a2eef27c974a587ede72e1ca4672e3d0f05c646c954f4f4760c12a13f9cd901b816436ca20690ad14f904aa2
SSDEEP

1536:HV/r7EkrjaFIs7E5OxzJn8njEwzGi1dDjDzgS:HV7jau5OVVLi1drs

Score

10^/10

njrat pupsik defense_evasion discovery persistence privilege_escalation spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Kaspersky.exe

Resource

win10v2004-20250314-en

defense_evasion discovery persistence privilege_escalation spyware stealer

windows10-2004-x64

28 signatures

600 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pupsik

C2

hakim32.ddns.net:2000

7.tcp.eu.ngrok.io:10780

Mutex

83252676f26e0ab65853f7859226c726

Attributes

reg_key
83252676f26e0ab65853f7859226c726
splitter
|'|'|

Targets

- Target
  
  Kaspersky.exe
- Size
  
  93KB
- MD5
  
  3060fc299e17c7783df72a4e5f031f39
- SHA1
  
  2b1a867cf9dd435670d3c638974b4ad3c4a6ac87
- SHA256
  
  cc3766508cfe6674d7c5a3008353ad24aa7e50c576a77b31e26985bd7aee5aa0
- SHA512
  
  490a2728a54d021e2834332b8a1cc37475486794a2eef27c974a587ede72e1ca4672e3d0f05c646c954f4f4760c12a13f9cd901b816436ca20690ad14f904aa2
- SSDEEP
  
  1536:HV/r7EkrjaFIs7E5OxzJn8njEwzGi1dDjDzgS:HV7jau5OVVLi1drs
Score

9^/10

defense_evasion discovery persistence privilege_escalation spyware stealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalationspywarestealer

© 2018-2025

Terms | Privacy