njrat | 2cb300fe3752e29649f69160eff1adbea9baf1b49616a7b4d269a5403d71d023 | Triage

Sharing

General

Target

e3bd5581569cc9bee14680eed96c78a1_JaffaCakes118
Size

37KB
Sample

240916-bmtp5asckq
MD5

e3bd5581569cc9bee14680eed96c78a1
SHA1

b66bf03ccb8c205ca753a2bedf64220516549782
SHA256

2cb300fe3752e29649f69160eff1adbea9baf1b49616a7b4d269a5403d71d023
SHA512

0a2200603d122ac8e2820978807343ee30db25172de539a8261d44aa9a9c3da711694f2d025e5decf21e1f7283c486ab4a4e3628a11ad1a8a6dd5c8080f11dd9
SSDEEP

384:XA2K3hUidkkXR21cGMy8PAM5vf8Fl6EhnrAF+rMRTyN/0L+EcoinblneHQM3epzF:w2K3TLGv8PAM58qExrM+rMRa8NuMot

Score

10^/10

njrat njrat discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

njRAT

C2

192.168.0.128:5552

Mutex

126a1df0e7536edf83368e815980867b

Attributes

reg_key
126a1df0e7536edf83368e815980867b
splitter
|'|'|

Targets

- Target
  
  e3bd5581569cc9bee14680eed96c78a1_JaffaCakes118
- Size
  
  37KB
- MD5
  
  e3bd5581569cc9bee14680eed96c78a1
- SHA1
  
  b66bf03ccb8c205ca753a2bedf64220516549782
- SHA256
  
  2cb300fe3752e29649f69160eff1adbea9baf1b49616a7b4d269a5403d71d023
- SHA512
  
  0a2200603d122ac8e2820978807343ee30db25172de539a8261d44aa9a9c3da711694f2d025e5decf21e1f7283c486ab4a4e3628a11ad1a8a6dd5c8080f11dd9
- SSDEEP
  
  384:XA2K3hUidkkXR21cGMy8PAM5vf8Fl6EhnrAF+rMRTyN/0L+EcoinblneHQM3epzF:w2K3TLGv8PAM58qExrM+rMRa8NuMot
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation