njrat | caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8 | Triage

Sharing

General

Target

caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8.exe
Size

29KB
Sample

241001-rwzwhaycjc
MD5

ab2b571a310e636260d8bfc041dd6bf5
SHA1

08dcfa9ae34809a7f6b468cd3ee6f175667ba5ae
SHA256

caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8
SHA512

52993ffcb90d774dd5d750631620c1794e50a3ace4584162a424f69a686306d64523e4dc68b7ce96e0694941bfc35bb3efc5e045abe9d2514bf16c2f472ddb1d
SSDEEP

384:7I8O5l7FbNdtMTbeFbSI30x5/0T6e7ommqDY60e8fdV5GBsbh0w4wlAokw9OhgOJ:C7HM0SiEFe6q30e8cBKh0p29SgRLO

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

192.168.1.11:1337

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes

reg_key
ba4c12bee3027d94da5c81db2d196bfd
splitter
|'|'|

Targets

- Target
  
  caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8.exe
- Size
  
  29KB
- MD5
  
  ab2b571a310e636260d8bfc041dd6bf5
- SHA1
  
  08dcfa9ae34809a7f6b468cd3ee6f175667ba5ae
- SHA256
  
  caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8
- SHA512
  
  52993ffcb90d774dd5d750631620c1794e50a3ace4584162a424f69a686306d64523e4dc68b7ce96e0694941bfc35bb3efc5e045abe9d2514bf16c2f472ddb1d
- SSDEEP
  
  384:7I8O5l7FbNdtMTbeFbSI30x5/0T6e7ommqDY60e8fdV5GBsbh0w4wlAokw9OhgOJ:C7HM0SiEFe6q30e8cBKh0p29SgRLO
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation