njrat | 8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517 | Triage

Sharing

General

Target

8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517.exe
Size

60KB
Sample

240928-j835payblb
MD5

5d7c454d1dac18cbf17c19640a3e636a
SHA1

549e69fa3137f77e179835e1b28df75b4a9054ec
SHA256

8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517
SHA512

c6a6a40d9b9790789f4589cb169d0758309e8067d1f1fce83c9f65656dd85f4ba5dd359141831a80a1f316c724031387e1ca5beb31899135a18962c0eea8673b
SSDEEP

1536:f8VkLWnLAvsB+ztBat+EQUr2f1KVT95xl:f8VkLWnLAvsE/O46T9V

Score

10^/10

njrat hacked evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.16:4444

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Targets

- Target
  
  8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517.exe
- Size
  
  60KB
- MD5
  
  5d7c454d1dac18cbf17c19640a3e636a
- SHA1
  
  549e69fa3137f77e179835e1b28df75b4a9054ec
- SHA256
  
  8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517
- SHA512
  
  c6a6a40d9b9790789f4589cb169d0758309e8067d1f1fce83c9f65656dd85f4ba5dd359141831a80a1f316c724031387e1ca5beb31899135a18962c0eea8673b
- SSDEEP
  
  1536:f8VkLWnLAvsB+ztBat+EQUr2f1KVT95xl:f8VkLWnLAvsE/O46T9V
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalation

behavioral2

evasionpersistenceprivilege_escalation