njrat | 3e4491dc24792ed6afec4270ead61f5e11af180ea03235fd97ea16389f5be04b | Triage

Sharing

General

Target

3e4491dc24792ed6afec4270ead61f5e11af180ea03235fd97ea16389f5be04bN.exe
Size

93KB
Sample

241129-k3kltsxjew
MD5

109d24356c52390a6d1395fad07364b0
SHA1

59e2abfa100be34ae4fc58b3e3a3c44e4791a992
SHA256

3e4491dc24792ed6afec4270ead61f5e11af180ea03235fd97ea16389f5be04b
SHA512

ac6764b793fc187ceb1e5e84a403dcb45b950dc416960f7150683eec6c35810374b32f85e5cd98b529f446eeb6fd28cef136de0a62594b3c141edce91f361025
SSDEEP

1536:4U/r7EkrjaFIs7E5OxzJn8LjEwzGi1dD2DRgS:4U7jau5OVVni1dYO

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

211.207.104.213:5552

Mutex

e6e15d2617ae4eb7e2301626e6c843f2

Attributes

reg_key
e6e15d2617ae4eb7e2301626e6c843f2
splitter
|'|'|

Targets

- Target
  
  3e4491dc24792ed6afec4270ead61f5e11af180ea03235fd97ea16389f5be04bN.exe
- Size
  
  93KB
- MD5
  
  109d24356c52390a6d1395fad07364b0
- SHA1
  
  59e2abfa100be34ae4fc58b3e3a3c44e4791a992
- SHA256
  
  3e4491dc24792ed6afec4270ead61f5e11af180ea03235fd97ea16389f5be04b
- SHA512
  
  ac6764b793fc187ceb1e5e84a403dcb45b950dc416960f7150683eec6c35810374b32f85e5cd98b529f446eeb6fd28cef136de0a62594b3c141edce91f361025
- SSDEEP
  
  1536:4U/r7EkrjaFIs7E5OxzJn8LjEwzGi1dD2DRgS:4U7jau5OVVni1dYO
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation