njrat | 2fe3787ef46112ec56659f0476410355318fb5a079f7af4996966191eeb83948 | Triage

Sharing

General

Target

2toned.exe
Size

93KB
Sample

240701-wdkq3svdmm
MD5

0f7ded44b2e9ae305f705b553bbb103a
SHA1

f59500f7b2ab7349d3d4642ce62d34733c30cef7
SHA256

2fe3787ef46112ec56659f0476410355318fb5a079f7af4996966191eeb83948
SHA512

78e56c6a96d4b01a61ab726cb549505edb431e8601064d59e9719c3b1276a3ef9ba047af9f7c2196f92b3d1f32e7185bc58fb9195efabb87b286224556b4ae71
SSDEEP

1536:tl4gCxdKt75sOTjonrzGVjEwzGi1dDhDsgS:tladKDhT4rzGii1dVF

Score

10^/10

njrat hacked evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

9c1a3429b23fb7424c45639b3d5e9adf

Attributes

reg_key
9c1a3429b23fb7424c45639b3d5e9adf
splitter
|'|'|

Targets

- Target
  
  2toned.exe
- Size
  
  93KB
- MD5
  
  0f7ded44b2e9ae305f705b553bbb103a
- SHA1
  
  f59500f7b2ab7349d3d4642ce62d34733c30cef7
- SHA256
  
  2fe3787ef46112ec56659f0476410355318fb5a079f7af4996966191eeb83948
- SHA512
  
  78e56c6a96d4b01a61ab726cb549505edb431e8601064d59e9719c3b1276a3ef9ba047af9f7c2196f92b3d1f32e7185bc58fb9195efabb87b286224556b4ae71
- SSDEEP
  
  1536:tl4gCxdKt75sOTjonrzGVjEwzGi1dDhDsgS:tladKDhT4rzGii1dVF
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation