njrat | 287b7475b355d2296246714d85dbab3b6aea8700834912c5242df06e2a6a5caf | Triage

Sharing

General

Target

c713265c4ef0841bb39d1a64efe21750N
Size

93KB
Sample

240910-1eq2pswemr
MD5

c713265c4ef0841bb39d1a64efe21750
SHA1

a3fd5ad5a2d73e70178b9d606cca0c9c0a1cbe57
SHA256

287b7475b355d2296246714d85dbab3b6aea8700834912c5242df06e2a6a5caf
SHA512

3cdd65a96135ba4461de68c81659d3bf8ae12538df27894e7507e589dcc28a672928633697c2fa56e897e3970b12ee87e26b9a88cc03d58f4f1147701660ae69
SSDEEP

768:4Y33upDIO/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3IsGq:3uuOx6baIa9RPj00ljEwzGi1dDAD0gS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:7777

Mutex

661768cbf1f24080052b03fdb09aec9d

Attributes

reg_key
661768cbf1f24080052b03fdb09aec9d
splitter
|'|'|

Targets

- Target
  
  c713265c4ef0841bb39d1a64efe21750N
- Size
  
  93KB
- MD5
  
  c713265c4ef0841bb39d1a64efe21750
- SHA1
  
  a3fd5ad5a2d73e70178b9d606cca0c9c0a1cbe57
- SHA256
  
  287b7475b355d2296246714d85dbab3b6aea8700834912c5242df06e2a6a5caf
- SHA512
  
  3cdd65a96135ba4461de68c81659d3bf8ae12538df27894e7507e589dcc28a672928633697c2fa56e897e3970b12ee87e26b9a88cc03d58f4f1147701660ae69
- SSDEEP
  
  768:4Y33upDIO/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3IsGq:3uuOx6baIa9RPj00ljEwzGi1dDAD0gS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation