njrat | eb0f65747e9a432c1745022786275520af262050f6111f9a79db1dcc42a24402 | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

250117-vpnfnsxrbp
MD5

5f27d04777ef058867bf548cbdc25f32
SHA1

fbf43c25edeafe07292f1ba244066b72c60e3b51
SHA256

eb0f65747e9a432c1745022786275520af262050f6111f9a79db1dcc42a24402
SHA512

db970c79d8f1faee1cdfcb333bd3de4d136cb787f1eb7423a30f5c222d1e64a83bd17f7aea8d56c8f05d6d5ba7f902b865984a882332b77d5a199c2b69fa8615
SSDEEP

384:xLKCT0i9XdTe/kCOyU7H4fVADXCwRrAF+rMRTyN/0L+EcoinblneHQM3epzXxNrm:N/d1CFU7H4SjCArM+rMRa8NuHct

Score

10^/10

njrat hacked discovery evasion persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

10.0.2.15:5552

Mutex

a85ad049fd8ff3c6b9f3d741a16c64cd

Attributes

reg_key
a85ad049fd8ff3c6b9f3d741a16c64cd
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  5f27d04777ef058867bf548cbdc25f32
- SHA1
  
  fbf43c25edeafe07292f1ba244066b72c60e3b51
- SHA256
  
  eb0f65747e9a432c1745022786275520af262050f6111f9a79db1dcc42a24402
- SHA512
  
  db970c79d8f1faee1cdfcb333bd3de4d136cb787f1eb7423a30f5c222d1e64a83bd17f7aea8d56c8f05d6d5ba7f902b865984a882332b77d5a199c2b69fa8615
- SSDEEP
  
  384:xLKCT0i9XdTe/kCOyU7H4fVADXCwRrAF+rMRTyN/0L+EcoinblneHQM3epzXxNrm:N/d1CFU7H4SjCArM+rMRa8NuHct
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation