njrat | ba5ed0e293d0ea36c31f0a7e2aa9e5921e6db7a6b147773c2a13d19fe9b7841d | Triage

Sharing

General

Target

svchost.exe
Size

29KB
Sample

240917-ab78pswhqr
MD5

876efe6368af95f55720c1f6ca571821
SHA1

e41680090e7a5936e08c353e10d11e13e0a8117f
SHA256

ba5ed0e293d0ea36c31f0a7e2aa9e5921e6db7a6b147773c2a13d19fe9b7841d
SHA512

b2f2301ff6331c4a0cd4e6913d1a4bf165b10ada5c37544efea8df154ebdff8b1dcffaeb1f081e4ef26dcae33b507c10ce0eeb8f78200a19d4b88f05f787408f
SSDEEP

384:ChkrLGN8fNl7L5H4yAyr9n95/K4ZoumqDYcqeYtGBsbh0w4wlAokw9OhgOL1vYRc:h7R4yAy944Aq1qe5BKh0p29SgRgR

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

192.168.1.25:1604

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes

reg_key
ba4c12bee3027d94da5c81db2d196bfd
splitter
|'|'|

Targets

- Target
  
  svchost.exe
- Size
  
  29KB
- MD5
  
  876efe6368af95f55720c1f6ca571821
- SHA1
  
  e41680090e7a5936e08c353e10d11e13e0a8117f
- SHA256
  
  ba5ed0e293d0ea36c31f0a7e2aa9e5921e6db7a6b147773c2a13d19fe9b7841d
- SHA512
  
  b2f2301ff6331c4a0cd4e6913d1a4bf165b10ada5c37544efea8df154ebdff8b1dcffaeb1f081e4ef26dcae33b507c10ce0eeb8f78200a19d4b88f05f787408f
- SSDEEP
  
  384:ChkrLGN8fNl7L5H4yAyr9n95/K4ZoumqDYcqeYtGBsbh0w4wlAokw9OhgOL1vYRc:h7R4yAy944Aq1qe5BKh0p29SgRgR
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation