njrat | 076ac2235c1fdd1c8766cb7ba6ff4fac2de5937fcab96a28aa629c18117da642 | Triage

Sharing

General

Target

ee53e9b7df383fb5d4ed33620c953871_JaffaCakes118
Size

16KB
Sample

240920-yr29dsvfnb
MD5

ee53e9b7df383fb5d4ed33620c953871
SHA1

8fe555670675047d001605b8f450bee6ea9db0a2
SHA256

076ac2235c1fdd1c8766cb7ba6ff4fac2de5937fcab96a28aa629c18117da642
SHA512

3b931169475c1e79551782ffdb7b41de1258df1634259bd68fc86b4833f13da7f83c6c955c37a84621889e754d903ef361584e80c0fd99f6e8ff9715dfe7c0db
SSDEEP

384:l4h2Sx5wM0fYOjAdPn3+eek6RPTE2reCclNPvn/P9pw6RtAjUk:M20kwOcdP3PSVTE0xcXY6RujZ

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

abdoosama.hopto.org:7777

Mutex

063a5eb8ffa1c5f298bddfb5b1b2dc6d

Attributes

reg_key
063a5eb8ffa1c5f298bddfb5b1b2dc6d
splitter
|'|'|

Targets

- Target
  
  minecraft crack/minecrafte crack.exe
- Size
  
  37KB
- MD5
  
  e69a654b9ffef6c70113598ca12e83fa
- SHA1
  
  894b4bdabb0d2aab0f6f69d1cb91b72685ec2176
- SHA256
  
  54dd55f6e36fb65901228905683813082a390f1d02e058318467a2c449750322
- SHA512
  
  121a31de164f6e6dadd4eaab0e10281e9ea0092e7161bae094a3771d90ad22c8b272e0138e98de35763d02d3599390befcbfc1be4c52054be621df95f6c84170
- SSDEEP
  
  384:g+G23hUidkGXR21cGMy8Pqq53tGFlymkirAF+rMRTyN/0L+EcoinblneHQM3epzo:nG23ZLGv8Pqq58imHrM+rMRa8NuTat
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation