njrat | 9ddcf3eed4a29ef0050c9b77bd628e28cfc3588ec945ded0bf8b88459397521a | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

241109-mmkb8ssgqa
MD5

33a6d4422ab7fca37fda9fba8dbb17ed
SHA1

a1d5dc523efc2f4628e108d74b1dc20e94538b4b
SHA256

9ddcf3eed4a29ef0050c9b77bd628e28cfc3588ec945ded0bf8b88459397521a
SHA512

925066affa561283f4be08b5be479d4b7bc847000a0c31945bc00e961bec252532ae61fea2e2536c90aa9a45e2fd0967a6a5b4e5a75e0b67de461fd9f6f706ba
SSDEEP

384:O+OIiu/jtD+P3V+y0bFwRktv7ms2cPPrAF+rMRTyN/0L+EcoinblneHQM3epzXos:nXmV10bFwRktalc3rM+rMRa8NuaEt

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

mingrelian.duckdns.org:4444

Mutex

74f66fc617fa0e33061258cd955fd8cc

Attributes

reg_key
74f66fc617fa0e33061258cd955fd8cc
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  33a6d4422ab7fca37fda9fba8dbb17ed
- SHA1
  
  a1d5dc523efc2f4628e108d74b1dc20e94538b4b
- SHA256
  
  9ddcf3eed4a29ef0050c9b77bd628e28cfc3588ec945ded0bf8b88459397521a
- SHA512
  
  925066affa561283f4be08b5be479d4b7bc847000a0c31945bc00e961bec252532ae61fea2e2536c90aa9a45e2fd0967a6a5b4e5a75e0b67de461fd9f6f706ba
- SSDEEP
  
  384:O+OIiu/jtD+P3V+y0bFwRktv7ms2cPPrAF+rMRTyN/0L+EcoinblneHQM3epzXos:nXmV10bFwRktalc3rM+rMRa8NuaEt
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation