njrat | 51ffbb53d4290aa097bf3a0f66e409dcd946ab070d4141023ada15c9662c2efd | Triage

Sharing

General

Target

51ffbb53d4290aa097bf3a0f66e409dcd946ab070d4141023ada15c9662c2efd
Size

93KB
Sample

240830-zky4tswall
MD5

5f0a10c4706ce96159db319b4e0a1e6a
SHA1

dca2f3ff781096725a821354725112f88ed90aeb
SHA256

51ffbb53d4290aa097bf3a0f66e409dcd946ab070d4141023ada15c9662c2efd
SHA512

b52decb5a2d66f210b9901df51ee1a907b2d12a4d968ebc51d286f7f30282c6891638d35fb238a6a42a7d73a9cea5a56080a8f308b301d0f0febdb0babfc6dd9
SSDEEP

768:zY32xnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3CsG2:zxxOx6baIa9RZj00ljEwzGi1dDeDwgS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

3e4b2868a2c2a459f50a723fe93ddc81

Attributes

reg_key
3e4b2868a2c2a459f50a723fe93ddc81
splitter
|'|'|

Targets

- Target
  
  51ffbb53d4290aa097bf3a0f66e409dcd946ab070d4141023ada15c9662c2efd
- Size
  
  93KB
- MD5
  
  5f0a10c4706ce96159db319b4e0a1e6a
- SHA1
  
  dca2f3ff781096725a821354725112f88ed90aeb
- SHA256
  
  51ffbb53d4290aa097bf3a0f66e409dcd946ab070d4141023ada15c9662c2efd
- SHA512
  
  b52decb5a2d66f210b9901df51ee1a907b2d12a4d968ebc51d286f7f30282c6891638d35fb238a6a42a7d73a9cea5a56080a8f308b301d0f0febdb0babfc6dd9
- SSDEEP
  
  768:zY32xnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3CsG2:zxxOx6baIa9RZj00ljEwzGi1dDeDwgS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation