njrat | cf9d75264ce6d9cc9c7b3d3dd530381c9d9b6b3f91a79a7f7862c9ad031e2291 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

241202-1bj4zszkbk
MD5

9c9a9f7685e33035b35c8f3b33d00987
SHA1

c0c88194e5794dce4017236445dfd33240e73a52
SHA256

cf9d75264ce6d9cc9c7b3d3dd530381c9d9b6b3f91a79a7f7862c9ad031e2291
SHA512

4a2fc30969aee7c232de174d1df59b607b82cc8d87cfaf0a4d0dfbf44d8fa2266f743fa388e3858a839e14fbe917dfd3536b4818d6d0cabac56f726d3dab4456
SSDEEP

1536:9y9r7EkrjaFIs7E5OxFJn8LjEwzGi1dD4DhgS:9yhjau5OfVni1dGe

Score

10^/10

njrat fucked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

fucked

C2

hakim32.ddns.net:2000

cnet-contracting.gl.at.ply.gg:10206

Mutex

861e37b75a05e551d8f5695718427e80

Attributes

reg_key
861e37b75a05e551d8f5695718427e80
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  9c9a9f7685e33035b35c8f3b33d00987
- SHA1
  
  c0c88194e5794dce4017236445dfd33240e73a52
- SHA256
  
  cf9d75264ce6d9cc9c7b3d3dd530381c9d9b6b3f91a79a7f7862c9ad031e2291
- SHA512
  
  4a2fc30969aee7c232de174d1df59b607b82cc8d87cfaf0a4d0dfbf44d8fa2266f743fa388e3858a839e14fbe917dfd3536b4818d6d0cabac56f726d3dab4456
- SSDEEP
  
  1536:9y9r7EkrjaFIs7E5OxFJn8LjEwzGi1dD4DhgS:9yhjau5OfVni1dGe
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation