njrat | 2e7cb63124e97e827e75b3e6a14ae0c7e679c2e12beaff3350841450126fadcc | Triage

Sharing

General

Target

2e7cb63124e97e827e75b3e6a14ae0c7e679c2e12beaff3350841450126fadccN
Size

93KB
Sample

241022-3n66dszfjg
MD5

b40ee55751fea6d198d44511a384b350
SHA1

d40723af26046e7da72364afd7b5ba173ec23a95
SHA256

2e7cb63124e97e827e75b3e6a14ae0c7e679c2e12beaff3350841450126fadcc
SHA512

8cc628c8dd3d0ded10d53e86cb69ab66a3bacd57ffcfbe7e7ac116f5fb801223133dded2dc3723010324442d7b8f3d773b3790433906bc70c7a00e02aa834c22
SSDEEP

1536:0UVFQWqkqqoLc2m+iIjEwzGi1dDVDXgS:0UVmkqqoA2xi5i1dZQ

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

147.185.221.23:21851

Mutex

8e6c7dee3b5a52470f8bde47dba6c189

Attributes

reg_key
8e6c7dee3b5a52470f8bde47dba6c189
splitter
|'|'|

Targets

- Target
  
  2e7cb63124e97e827e75b3e6a14ae0c7e679c2e12beaff3350841450126fadccN
- Size
  
  93KB
- MD5
  
  b40ee55751fea6d198d44511a384b350
- SHA1
  
  d40723af26046e7da72364afd7b5ba173ec23a95
- SHA256
  
  2e7cb63124e97e827e75b3e6a14ae0c7e679c2e12beaff3350841450126fadcc
- SHA512
  
  8cc628c8dd3d0ded10d53e86cb69ab66a3bacd57ffcfbe7e7ac116f5fb801223133dded2dc3723010324442d7b8f3d773b3790433906bc70c7a00e02aa834c22
- SSDEEP
  
  1536:0UVFQWqkqqoLc2m+iIjEwzGi1dDVDXgS:0UVmkqqoA2xi5i1dZQ
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation