njrat | ef41b7d99745ac73f973ecc1aa3b0c929bfc04eef49221360ccd8f3eb5a920b8 | Triage

Sharing

General

Target

e13d67ab396960b50a8486206e4501ac_JaffaCakes118
Size

37KB
Sample

240914-3cvyzssgla
MD5

e13d67ab396960b50a8486206e4501ac
SHA1

e8487c86ef925429b139d4207ad3ea56877faa54
SHA256

ef41b7d99745ac73f973ecc1aa3b0c929bfc04eef49221360ccd8f3eb5a920b8
SHA512

e31bd91993040e2543ef6bc5c4ac79669bd4a5fa6ba888852cedebde39c48a6abad7e93e24587d976562ff5738641384c2836fdb6bc1eaaa5e6af59dbcc71388
SSDEEP

384:GeTi+IiejVCVLO309Qmykrtgo9CEbfmvmM+grAF+rMRTyN/0L+EcoinblneHQM34:7TPdGdkrmuzmuMLrM+rMRa8NuWEtt

Score

10^/10

njrat vlad_pomosh discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

vlad_pomosh

C2

127.0.0.1:5552

Mutex

133d74b6d29df8a5cd826ea06e4cb422

Attributes

reg_key
133d74b6d29df8a5cd826ea06e4cb422
splitter
|'|'|

Targets

- Target
  
  e13d67ab396960b50a8486206e4501ac_JaffaCakes118
- Size
  
  37KB
- MD5
  
  e13d67ab396960b50a8486206e4501ac
- SHA1
  
  e8487c86ef925429b139d4207ad3ea56877faa54
- SHA256
  
  ef41b7d99745ac73f973ecc1aa3b0c929bfc04eef49221360ccd8f3eb5a920b8
- SHA512
  
  e31bd91993040e2543ef6bc5c4ac79669bd4a5fa6ba888852cedebde39c48a6abad7e93e24587d976562ff5738641384c2836fdb6bc1eaaa5e6af59dbcc71388
- SSDEEP
  
  384:GeTi+IiejVCVLO309Qmykrtgo9CEbfmvmM+grAF+rMRTyN/0L+EcoinblneHQM34:7TPdGdkrmuzmuMLrM+rMRa8NuWEtt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vlad_pomoshnjrat

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation