njrat | e9407e6908c64f045476ca09a1378e31f776fef8b5237b79719c77a891dfe2da | Triage

Sharing

General

Target

6dd5a90af346912262be470471966c2c_JaffaCakes118
Size

93KB
Sample

240524-jz65zsaf81
MD5

6dd5a90af346912262be470471966c2c
SHA1

b206b30e18d6e9a90bd00113ad2049c6c50f2874
SHA256

e9407e6908c64f045476ca09a1378e31f776fef8b5237b79719c77a891dfe2da
SHA512

532e0fd8e82a8e10b6f72416f884b5756de22cb71a06f4e5c7c088beedba6b1efff8207776e47a5ee6316a2692f943d392559a0d7724e380eadbf17f7c23a984
SSDEEP

1536:uSmC+xhUa9urgOB9mNvM4jEwzGi1dDLD6gS:uSgUa9urgOidGi1dD/

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

defdfjjjj.hopto.org:5552

Mutex

51193190caf2abb34d5e25dd48b38fc3

Attributes

reg_key
51193190caf2abb34d5e25dd48b38fc3
splitter
|'|'|

Targets

- Target
  
  6dd5a90af346912262be470471966c2c_JaffaCakes118
- Size
  
  93KB
- MD5
  
  6dd5a90af346912262be470471966c2c
- SHA1
  
  b206b30e18d6e9a90bd00113ad2049c6c50f2874
- SHA256
  
  e9407e6908c64f045476ca09a1378e31f776fef8b5237b79719c77a891dfe2da
- SHA512
  
  532e0fd8e82a8e10b6f72416f884b5756de22cb71a06f4e5c7c088beedba6b1efff8207776e47a5ee6316a2692f943d392559a0d7724e380eadbf17f7c23a984
- SSDEEP
  
  1536:uSmC+xhUa9urgOB9mNvM4jEwzGi1dDLD6gS:uSgUa9urgOidGi1dD/
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2