njrat | a13ed5c6556e32a91cb9379fac3ccf5db98c42b157dfb89288f5a75ca326bc75 | Triage

Resubmissions

29/03/2025, 14:07

250329-rfbhzawn16 10

29/03/2025, 13:44

250329-q17w8swly5 10

Sharing

General

Target

Kaspersky.exe
Size

93KB
Sample

250329-rfbhzawn16
MD5

327274bc008bf3d8e260af2a4b70d059
SHA1

d4058bac2970b6d2da5b77c3fb5dffeec236262c
SHA256

a13ed5c6556e32a91cb9379fac3ccf5db98c42b157dfb89288f5a75ca326bc75
SHA512

bae8fc052a696de14760336a896290f304182024cfdd5176f112d93f0d7e14b6a632b0e7e01f3744df1dc5f7b9e003d61088a900a7ed7b2ad2797250d725757b
SSDEEP

1536:7V4FQWqkqqoLc2m+isjEwzGi1dDsDMgS:7V4mkqqoA2xiti1dal

Score

10^/10

njrat cheater defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

cheater

C2

hakim32.ddns.net:2000

2.tcp.eu.ngrok.io:17350

Mutex

09a86df6668fdfee2a06a5034dda1e09

Attributes

reg_key
09a86df6668fdfee2a06a5034dda1e09
splitter
|'|'|

Targets

- Target
  
  Kaspersky.exe
- Size
  
  93KB
- MD5
  
  327274bc008bf3d8e260af2a4b70d059
- SHA1
  
  d4058bac2970b6d2da5b77c3fb5dffeec236262c
- SHA256
  
  a13ed5c6556e32a91cb9379fac3ccf5db98c42b157dfb89288f5a75ca326bc75
- SHA512
  
  bae8fc052a696de14760336a896290f304182024cfdd5176f112d93f0d7e14b6a632b0e7e01f3744df1dc5f7b9e003d61088a900a7ed7b2ad2797250d725757b
- SSDEEP
  
  1536:7V4FQWqkqqoLc2m+isjEwzGi1dDsDMgS:7V4mkqqoA2xiti1dal
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Disables Task Manager via registry modification
  defense_evasion
- Modifies Windows Firewall
  defense_evasion
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation