njrat | a406d9895911ac26f41f77b6280e09409ea084a1d130cdc7f766528e8335dd01 | Triage

Sharing

General

Target

5a1668513c822c2b8e972ddd578dd9d6.exe
Size

93KB
Sample

241002-mxtcwswdma
MD5

5a1668513c822c2b8e972ddd578dd9d6
SHA1

7f9bae9ba73cd6bb1ebc5bb0ac92429caf8a8afb
SHA256

a406d9895911ac26f41f77b6280e09409ea084a1d130cdc7f766528e8335dd01
SHA512

8e3edaaa3444478f7a7e9212358b8453de325ef821563bffc96331a92d13678b6fec482d7feb38da35dc370d6b2c532ce4d4fe9e6c8071dae0dd13773b345476
SSDEEP

768:8Y33UfhWXxyFcxovUKUJuROprXtWNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3isGdpEgM:jU5WhIUKcuOJ2PhBjEwzGi1dD+DEgS

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

188.34.178.0:5552

Mutex

958cbf1ebcbed9dbc72f2c3e95e327ef

Attributes

reg_key
958cbf1ebcbed9dbc72f2c3e95e327ef
splitter
|'|'|

Targets

- Target
  
  5a1668513c822c2b8e972ddd578dd9d6.exe
- Size
  
  93KB
- MD5
  
  5a1668513c822c2b8e972ddd578dd9d6
- SHA1
  
  7f9bae9ba73cd6bb1ebc5bb0ac92429caf8a8afb
- SHA256
  
  a406d9895911ac26f41f77b6280e09409ea084a1d130cdc7f766528e8335dd01
- SHA512
  
  8e3edaaa3444478f7a7e9212358b8453de325ef821563bffc96331a92d13678b6fec482d7feb38da35dc370d6b2c532ce4d4fe9e6c8071dae0dd13773b345476
- SSDEEP
  
  768:8Y33UfhWXxyFcxovUKUJuROprXtWNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3isGdpEgM:jU5WhIUKcuOJ2PhBjEwzGi1dD+DEgS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation