njrat | fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6 | Triage

Sharing

General

Target

JaffaCakes118_ebc00fba1ae6fca850df2e602336ff40
Size

40KB
Sample

250110-xsgteavrdj
MD5

ebc00fba1ae6fca850df2e602336ff40
SHA1

bfea3cafcd1e7b1dc60628dbe3e6ff39b6a8696d
SHA256

fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6
SHA512

1102ee7607d3ee6f51188b3d5d740239ad47b4b91fd67d3e3a82d6bd0c3804588b0b35a94bd15a5af1f78dcb162df1fda7ca88d71b86ca5d2d34088d3a9ad2cb
SSDEEP

768:yf7izEbXUQQXr34oZ7OuQdOsVhyV6Q+3DI:yf7iwbEp4oxOuchyEd

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  JaffaCakes118_ebc00fba1ae6fca850df2e602336ff40
- Size
  
  40KB
- MD5
  
  ebc00fba1ae6fca850df2e602336ff40
- SHA1
  
  bfea3cafcd1e7b1dc60628dbe3e6ff39b6a8696d
- SHA256
  
  fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6
- SHA512
  
  1102ee7607d3ee6f51188b3d5d740239ad47b4b91fd67d3e3a82d6bd0c3804588b0b35a94bd15a5af1f78dcb162df1fda7ca88d71b86ca5d2d34088d3a9ad2cb
- SSDEEP
  
  768:yf7izEbXUQQXr34oZ7OuQdOsVhyV6Q+3DI:yf7iwbEp4oxOuchyEd
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation