njrat | 7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0 | Triage

Sharing

General

Target

7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0.exe
Size

60KB
Sample

240927-vqwhnssdmr
MD5

9c65fe4071d07b6c7242bde887287c8c
SHA1

ca53bfdcb6a998ae51d1550f622f53277083d017
SHA256

7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0
SHA512

ba203418df40018f15829826577d00b209c91158466213e430d49e8466f4f224cf6397c09e521e9b1f4428a1fc809241452294fa35ab45de4f5ae786646fc90c
SSDEEP

1536:tBVMr+/P83Qduj0oBaIeIsUr2f1KVB9Al:tBVMr+/P83Q4TP46B9Y

Score

10^/10

njrat hacked evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

x014.hopto.org:4444

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0.exe
- Size
  
  60KB
- MD5
  
  9c65fe4071d07b6c7242bde887287c8c
- SHA1
  
  ca53bfdcb6a998ae51d1550f622f53277083d017
- SHA256
  
  7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0
- SHA512
  
  ba203418df40018f15829826577d00b209c91158466213e430d49e8466f4f224cf6397c09e521e9b1f4428a1fc809241452294fa35ab45de4f5ae786646fc90c
- SSDEEP
  
  1536:tBVMr+/P83Qduj0oBaIeIsUr2f1KVB9Al:tBVMr+/P83Q4TP46B9Y
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation