njrat | 43540c5a1d10b4936a1f0b6dd0b4fcde2dfc52a34c563e070b0a4ea3b864d2f6 | Triage

Sharing

General

Target

43540c5a1d10b4936a1f0b6dd0b4fcde2dfc52a34c563e070b0a4ea3b864d2f6.exe
Size

104KB
Sample

241125-khgpfaxrcw
MD5

942d359cf19b1128d03ad098cd33d458
SHA1

f02f3af09f4dda7d051b9e026764ece09d85e184
SHA256

43540c5a1d10b4936a1f0b6dd0b4fcde2dfc52a34c563e070b0a4ea3b864d2f6
SHA512

db458de3cc1cf82360e4bb6f7ef13b9a85ce993f3ce15879f13f538058f6b00626226cf469d3d7e9f08145385a14fce588f198b9f92daadd2bdc1a7e4019c3d8
SSDEEP

1536:6aUwC+xhUa9urgOBPmNvM4jEwzGi1dDCDSgSk:6aUmUa9urgOkdGi1dk3n

Score

10^/10

njrat sync discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

sync

C2

hakim32.ddns.net:2000

bolbol555.zapto.org:1177

Mutex

ff89deb872901880bdcf1e599c2fc109

Attributes

reg_key
ff89deb872901880bdcf1e599c2fc109
splitter
|'|'|

Targets

- Target
  
  43540c5a1d10b4936a1f0b6dd0b4fcde2dfc52a34c563e070b0a4ea3b864d2f6.exe
- Size
  
  104KB
- MD5
  
  942d359cf19b1128d03ad098cd33d458
- SHA1
  
  f02f3af09f4dda7d051b9e026764ece09d85e184
- SHA256
  
  43540c5a1d10b4936a1f0b6dd0b4fcde2dfc52a34c563e070b0a4ea3b864d2f6
- SHA512
  
  db458de3cc1cf82360e4bb6f7ef13b9a85ce993f3ce15879f13f538058f6b00626226cf469d3d7e9f08145385a14fce588f198b9f92daadd2bdc1a7e4019c3d8
- SSDEEP
  
  1536:6aUwC+xhUa9urgOBPmNvM4jEwzGi1dDCDSgSk:6aUmUa9urgOkdGi1dk3n
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation