njrat | d11a0cc8519c231d97e0fb0be5e9ada10063c6c6d622b709a7b8dcd9f5e130b7 | Triage

Sharing

General

Target

chrome.exe
Size

37KB
Sample

241026-l5zzzashqe
MD5

ab06383afec1c13e929619415975444e
SHA1

19aec0fb15da73ffedbea6ba7e614c0fadc4c060
SHA256

d11a0cc8519c231d97e0fb0be5e9ada10063c6c6d622b709a7b8dcd9f5e130b7
SHA512

3ab88bc60b6057d886d0516c253da7fd3e5681be558aa75f8bc6d9e35ef75ad11c758b06279327a2f27681b1a94fea92f1d57bd2d5250d629542b492ad84adf2
SSDEEP

384:IezZxj6ic7ri5Z7JAyk/Y4IvDfZeKQVerAF+rMRTyN/0L+EcoinblneHQM3epzXM:VznHJ7k/Y4IDZbQorM+rMRa8NuLAFt

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

stayhigh-50122.portmap.host:37581

Mutex

66a226ee78ee6808081a806f214b2f69

Attributes

reg_key
66a226ee78ee6808081a806f214b2f69
splitter
|'|'|

Targets

- Target
  
  chrome.exe
- Size
  
  37KB
- MD5
  
  ab06383afec1c13e929619415975444e
- SHA1
  
  19aec0fb15da73ffedbea6ba7e614c0fadc4c060
- SHA256
  
  d11a0cc8519c231d97e0fb0be5e9ada10063c6c6d622b709a7b8dcd9f5e130b7
- SHA512
  
  3ab88bc60b6057d886d0516c253da7fd3e5681be558aa75f8bc6d9e35ef75ad11c758b06279327a2f27681b1a94fea92f1d57bd2d5250d629542b492ad84adf2
- SSDEEP
  
  384:IezZxj6ic7ri5Z7JAyk/Y4IvDfZeKQVerAF+rMRTyN/0L+EcoinblneHQM3epzXM:VznHJ7k/Y4IDZbQorM+rMRa8NuLAFt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation