njrat | 88c4119ebffe218c584ac304adbb9da29123a2b526977b87f9e241a277fd0413 | Triage

Sharing

General

Target

545f98c621008ada5fc30f1368edc8d0N.exe
Size

93KB
Sample

240829-p1s8eathlm
MD5

545f98c621008ada5fc30f1368edc8d0
SHA1

9b461273bb605dcf46219938275a06647ac00b29
SHA256

88c4119ebffe218c584ac304adbb9da29123a2b526977b87f9e241a277fd0413
SHA512

c8bf20ed5c6307cabfa312b9d674d06d711f6e1f5aa2c5ffcc632746bd331ebbc0bd8801c868bafc0d77a46aa31e69f0a662a7bd4385f475dcfadc551700789b
SSDEEP

768:7Y3CznD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3OsGY:PzxOx6baIa9RZj00ljEwzGi1dDqDCgS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:7777

Mutex

81cfd6c4b07fe6b92367783b7fd6f167

Attributes

reg_key
81cfd6c4b07fe6b92367783b7fd6f167
splitter
|'|'|

Targets

- Target
  
  545f98c621008ada5fc30f1368edc8d0N.exe
- Size
  
  93KB
- MD5
  
  545f98c621008ada5fc30f1368edc8d0
- SHA1
  
  9b461273bb605dcf46219938275a06647ac00b29
- SHA256
  
  88c4119ebffe218c584ac304adbb9da29123a2b526977b87f9e241a277fd0413
- SHA512
  
  c8bf20ed5c6307cabfa312b9d674d06d711f6e1f5aa2c5ffcc632746bd331ebbc0bd8801c868bafc0d77a46aa31e69f0a662a7bd4385f475dcfadc551700789b
- SSDEEP
  
  768:7Y3CznD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3OsGY:PzxOx6baIa9RZj00ljEwzGi1dDqDCgS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation