njrat | 0ba9049b0e1f41c42e6314c9c7d8f210d8f47ad19aa35615937375e891ac2b7b | Triage

Sharing

General

Target

0ba9049b0e1f41c42e6314c9c7d8f210d8f47ad19aa35615937375e891ac2b7bN
Size

36KB
Sample

240920-3qv6xavfkn
MD5

98def32e79167acaee15393662cd3300
SHA1

f432047876d651ab4dae941f3dc2eac46e50bcd7
SHA256

0ba9049b0e1f41c42e6314c9c7d8f210d8f47ad19aa35615937375e891ac2b7b
SHA512

8ca7a1c1727f91a110832448c862271abecd57a5ef60b54fbfa2afbf31307932d36c0f242d1d1e4ca988008b61bb20d217aa94d5939cb1f078d98147594dec9d
SSDEEP

384:d+bsiDlT95hL5YyUvjh/xOi4aaF3ArAF+rMRTyN/0L+EcoinblneHQM3epzXFNrG:g5v5zUvjhDlaRArM+rMRa8Nu/Yt

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

binacian2018811.servehttp.com:5552

Mutex

6249c924746f5a38f2dc642106909bd7

Attributes

reg_key
6249c924746f5a38f2dc642106909bd7
splitter
|'|'|

Targets

- Target
  
  0ba9049b0e1f41c42e6314c9c7d8f210d8f47ad19aa35615937375e891ac2b7bN
- Size
  
  36KB
- MD5
  
  98def32e79167acaee15393662cd3300
- SHA1
  
  f432047876d651ab4dae941f3dc2eac46e50bcd7
- SHA256
  
  0ba9049b0e1f41c42e6314c9c7d8f210d8f47ad19aa35615937375e891ac2b7b
- SHA512
  
  8ca7a1c1727f91a110832448c862271abecd57a5ef60b54fbfa2afbf31307932d36c0f242d1d1e4ca988008b61bb20d217aa94d5939cb1f078d98147594dec9d
- SSDEEP
  
  384:d+bsiDlT95hL5YyUvjh/xOi4aaF3ArAF+rMRTyN/0L+EcoinblneHQM3epzXFNrG:g5v5zUvjhDlaRArM+rMRa8Nu/Yt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation