njrat | 05b7c72a1da0853d41c41b42a3fd1bacb5d605a9a5d706e9c98478fd25bba6f0 | Triage

Sharing

General

Target

JaffaCakes118_05b7c72a1da0853d41c41b42a3fd1bacb5d605a9a5d706e9c98478fd25bba6f0
Size

93KB
Sample

241226-zyandszpds
MD5

a5f47f4bfbb9009048ce431aa3edd25f
SHA1

3278bc895856afb5bb93dd73d9685001815e0d0a
SHA256

05b7c72a1da0853d41c41b42a3fd1bacb5d605a9a5d706e9c98478fd25bba6f0
SHA512

37aaad355025ddd147dd0fc7acdec928f5a5b66bdd5c959ce93a46c7520b2582f4d79f067499af827f6022c9d329d0d00054974f149a0bceecac6da3a4f16e26
SSDEEP

1536:SUFUZFRPmGvMzLNvOnjEwzGi1dDmDggS:SU4RPmGvMz5vOMi1dYJ

Score

10^/10

njrat discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

C2

hakim32.ddns.net:2000

43kpnfdgndf.ddns.net:58905

Mutex

4b925365cf8f2f48a8a8975176c31f1d

Attributes

reg_key
4b925365cf8f2f48a8a8975176c31f1d
splitter
|'|'|

Targets

- Target
  
  JaffaCakes118_05b7c72a1da0853d41c41b42a3fd1bacb5d605a9a5d706e9c98478fd25bba6f0
- Size
  
  93KB
- MD5
  
  a5f47f4bfbb9009048ce431aa3edd25f
- SHA1
  
  3278bc895856afb5bb93dd73d9685001815e0d0a
- SHA256
  
  05b7c72a1da0853d41c41b42a3fd1bacb5d605a9a5d706e9c98478fd25bba6f0
- SHA512
  
  37aaad355025ddd147dd0fc7acdec928f5a5b66bdd5c959ce93a46c7520b2582f4d79f067499af827f6022c9d329d0d00054974f149a0bceecac6da3a4f16e26
- SSDEEP
  
  1536:SUFUZFRPmGvMzLNvOnjEwzGi1dDmDggS:SU4RPmGvMz5vOMi1dYJ
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation