njrat | 5e37860bbb3523d6850e18f3350ab8edcc9e5471814ba683fc7567a6b2c9c893 | Triage

Sharing

General

Target

4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.zip
Size

34KB
Sample

241104-vfdvwawmal
MD5

f80750bc420aaf9540a36597dd7a27e1
SHA1

dc37cf0eebf9c034bbf568ab3d20b89fe14c81d2
SHA256

5e37860bbb3523d6850e18f3350ab8edcc9e5471814ba683fc7567a6b2c9c893
SHA512

eea125af1bbdea9da06c794870e553fb3163c6b2f5e8494741347788b9c4e06f57236246ca9f8bc214211bf83920aa8596639ba69e6b6a0b1dc1103896903bbd
SSDEEP

768:ZwM+M/fcN0Vjrun0rvXMg9lt3od6JZCIOf7ihTIjoPQnbgYqX4:iM+EUN0BuneXMelt3Puxf2hskPGgYqX4

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

212.90.36.66:5552

Mutex

104a6afa6ac1864500ecb2e264b1a281

Attributes

reg_key
104a6afa6ac1864500ecb2e264b1a281
splitter
|'|'|

Targets

- Target
  
  4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.exe
- Size
  
  93KB
- MD5
  
  68eaabff5b40724c9bdc65112a673256
- SHA1
  
  3a9a4f7fba434d20dc9a1500d62952aba645378d
- SHA256
  
  4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c
- SHA512
  
  9a5280bf4f85ed57ef55c38929668291dfd3eb1617caa469b54f69d3f43921b199fbf5fae758bf0eca21fee1c3ba9bf5535178509b25f51bfaa35e0423d46469
- SSDEEP
  
  768:3Y3JxfhWXxyFcxovUKUJuROprXtWNzeYhYbmXxrjEtCdnl2pi1Rz4Rk3IsGdpngM:0x5WhIUKcuOJ2PhBjEwzGi1dDgDngS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation