njrat | f455e9cebe097d68dec0d3de79f26cd003d6acdf9ac78c369cd2cf537910872a | Triage

Sharing

General

Target

f455e9cebe097d68dec0d3de79f26cd003d6acdf9ac78c369cd2cf537910872a.exe
Size

93KB
Sample

250102-kap1vatjd1
MD5

8460f9ad208bc215ca0f9a197d4164ed
SHA1

e674ff30ff40eafb3e5bbb0801e83489aa7f83b4
SHA256

f455e9cebe097d68dec0d3de79f26cd003d6acdf9ac78c369cd2cf537910872a
SHA512

8b4e42f29008ee01891699721eb32127ee03296c0049eccd6a4cc6da470f9efffd2caec0fdf3e2eb317f1b1e2e9b908d8298453aaa51d01fa9185e7003098123
SSDEEP

1536:iUrnEoSnsqS5ut/YMR8SjEwzGi1dDvDJgSU:iU3SnsqS5uVYM+7i1dHGV

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:4444

Mutex

e5bef73e53e8a9ca1ae2681b9a60d3a3

Attributes

reg_key
e5bef73e53e8a9ca1ae2681b9a60d3a3
splitter
|'|'|

Targets

- Target
  
  f455e9cebe097d68dec0d3de79f26cd003d6acdf9ac78c369cd2cf537910872a.exe
- Size
  
  93KB
- MD5
  
  8460f9ad208bc215ca0f9a197d4164ed
- SHA1
  
  e674ff30ff40eafb3e5bbb0801e83489aa7f83b4
- SHA256
  
  f455e9cebe097d68dec0d3de79f26cd003d6acdf9ac78c369cd2cf537910872a
- SHA512
  
  8b4e42f29008ee01891699721eb32127ee03296c0049eccd6a4cc6da470f9efffd2caec0fdf3e2eb317f1b1e2e9b908d8298453aaa51d01fa9185e7003098123
- SSDEEP
  
  1536:iUrnEoSnsqS5ut/YMR8SjEwzGi1dDvDJgSU:iU3SnsqS5uVYM+7i1dHGV
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation