njrat | ef72a357037fbb9ae97c92cd12396429f4c2eefc8a5f92092822f1a566dd3b19 | Triage

Sharing

General

Target

ef72a357037fbb9ae97c92cd12396429f4c2eefc8a5f92092822f1a566dd3b19.exe
Size

93KB
Sample

241201-2ml86avrew
MD5

d59a3baec8e45ebb6b190262be8a7789
SHA1

7a736f474717f68494a8a7db04602e37039ac85c
SHA256

ef72a357037fbb9ae97c92cd12396429f4c2eefc8a5f92092822f1a566dd3b19
SHA512

f2557552f4c0e0e2d3e292d022ed9a53bc01d9cc52c26e6b4678c97322ec960aad2e07a8d197b19f1dc6e7d65628d30a2a894559659afd6e0d352f603eaba0e2
SSDEEP

1536:PUk1GkeUqZJO5iNSimjEwzGi1dDaDngS0:PUPUqZJOQAOi1dMg9

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

94.140.244.222:56981

Mutex

12a6980bbc3e8583e225df29f90c66b9

Attributes

reg_key
12a6980bbc3e8583e225df29f90c66b9
splitter
|'|'|

Targets

- Target
  
  ef72a357037fbb9ae97c92cd12396429f4c2eefc8a5f92092822f1a566dd3b19.exe
- Size
  
  93KB
- MD5
  
  d59a3baec8e45ebb6b190262be8a7789
- SHA1
  
  7a736f474717f68494a8a7db04602e37039ac85c
- SHA256
  
  ef72a357037fbb9ae97c92cd12396429f4c2eefc8a5f92092822f1a566dd3b19
- SHA512
  
  f2557552f4c0e0e2d3e292d022ed9a53bc01d9cc52c26e6b4678c97322ec960aad2e07a8d197b19f1dc6e7d65628d30a2a894559659afd6e0d352f603eaba0e2
- SSDEEP
  
  1536:PUk1GkeUqZJO5iNSimjEwzGi1dDaDngS0:PUPUqZJOQAOi1dMg9
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation