njrat | 9c0d7f06698ba5b02806ea6b91c5cc015c39bf701debd9ca78043cd9ab7343c8 | Triage

Sharing

General

Target

7011e511cd76407305c64ab4aa7a8b20N
Size

37KB
Sample

240909-tdwggawhjl
MD5

7011e511cd76407305c64ab4aa7a8b20
SHA1

c06d3873a7a6109827f96bc8fabbefba0d13e180
SHA256

9c0d7f06698ba5b02806ea6b91c5cc015c39bf701debd9ca78043cd9ab7343c8
SHA512

935b19bb05115383c0018caf0216cb0c86228ff92275f47f90dfbd4db8963bea0e0862806d2622fd4acdeed9e41af4b71cccbc70d3b97ee4ce9bcb485b71e4a9
SSDEEP

768:dzy09EohT1CFU7NupbMgrM+rMRa8NuXjt:rh1CKhup47+gRJNg

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:7777

Mutex

91d24228927c7c9f513452e767fb9537

Attributes

reg_key
91d24228927c7c9f513452e767fb9537
splitter
|'|'|

Targets

- Target
  
  7011e511cd76407305c64ab4aa7a8b20N
- Size
  
  37KB
- MD5
  
  7011e511cd76407305c64ab4aa7a8b20
- SHA1
  
  c06d3873a7a6109827f96bc8fabbefba0d13e180
- SHA256
  
  9c0d7f06698ba5b02806ea6b91c5cc015c39bf701debd9ca78043cd9ab7343c8
- SHA512
  
  935b19bb05115383c0018caf0216cb0c86228ff92275f47f90dfbd4db8963bea0e0862806d2622fd4acdeed9e41af4b71cccbc70d3b97ee4ce9bcb485b71e4a9
- SSDEEP
  
  768:dzy09EohT1CFU7NupbMgrM+rMRa8NuXjt:rh1CKhup47+gRJNg
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation