njrat | 898ab33196c09c002ad6806ff25b8713522c433f8f36f19d4479eef779e3e451 | Triage

Sharing

General

Target

e21e1316a51bb240491bea262c7c0231_JaffaCakes118
Size

37KB
Sample

240915-kr22qsvfng
MD5

e21e1316a51bb240491bea262c7c0231
SHA1

9d7d13016a9b9dda2b9e98beb222dd7d2013ebaf
SHA256

898ab33196c09c002ad6806ff25b8713522c433f8f36f19d4479eef779e3e451
SHA512

076d27383100059788268b9a24c8d4888a2b2d9742cfed301631deb956e4fb14c4d1217df146eae96a0af5f02e6a7416936db589cd87ef47022e0381f604a076
SSDEEP

384:LMqCT0i9rdTe/kCOyU77knZcDfm2grAF+rMRTyN/0L+EcoinblneHQM3epzXfNr9:YfJ1CFU77k67mnrM+rMRa8NulVt

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

125.180.93.203:1

Mutex

e622fcd0cf30e1bca60dc991bd977891

Attributes

reg_key
e622fcd0cf30e1bca60dc991bd977891
splitter
|'|'|

Targets

- Target
  
  e21e1316a51bb240491bea262c7c0231_JaffaCakes118
- Size
  
  37KB
- MD5
  
  e21e1316a51bb240491bea262c7c0231
- SHA1
  
  9d7d13016a9b9dda2b9e98beb222dd7d2013ebaf
- SHA256
  
  898ab33196c09c002ad6806ff25b8713522c433f8f36f19d4479eef779e3e451
- SHA512
  
  076d27383100059788268b9a24c8d4888a2b2d9742cfed301631deb956e4fb14c4d1217df146eae96a0af5f02e6a7416936db589cd87ef47022e0381f604a076
- SSDEEP
  
  384:LMqCT0i9rdTe/kCOyU77knZcDfm2grAF+rMRTyN/0L+EcoinblneHQM3epzXfNr9:YfJ1CFU77k67mnrM+rMRa8NulVt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation