njrat | 1533b9de82005b4bf380285e98eedd9a3fe16150584a2608d3c70b5a55695fe8 | Triage

Sharing

General

Target

Servxer.exe
Size

37KB
Sample

250225-e1kwxstrv2
MD5

4212f0941278fb43853fa70af9f2d939
SHA1

c2cf5479900c76d1276a8f16090439e89aada2e8
SHA256

1533b9de82005b4bf380285e98eedd9a3fe16150584a2608d3c70b5a55695fe8
SHA512

5c3cbe18a9d08bc4c7631fdd02e85d185357f4b225f49c81d0e30f7cb60aaa3ee7e1ac0c391fcd1cace7e14f074af47aad29a1112d3abe6427b473889381c64b
SSDEEP

384:6mqQilQhHeTnMGiyMTFU3nuj346arAF+rMRTyN/0L+EcoinblneHQM3epzXCNrnX:bLSMGxMTFUej4xrM+rMRa8NuA/t

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

192.168.8.77:8953

Mutex

b351c66d912a1670af37525a1aea768f

Attributes

reg_key
b351c66d912a1670af37525a1aea768f
splitter
|'|'|

Targets

- Target
  
  Servxer.exe
- Size
  
  37KB
- MD5
  
  4212f0941278fb43853fa70af9f2d939
- SHA1
  
  c2cf5479900c76d1276a8f16090439e89aada2e8
- SHA256
  
  1533b9de82005b4bf380285e98eedd9a3fe16150584a2608d3c70b5a55695fe8
- SHA512
  
  5c3cbe18a9d08bc4c7631fdd02e85d185357f4b225f49c81d0e30f7cb60aaa3ee7e1ac0c391fcd1cace7e14f074af47aad29a1112d3abe6427b473889381c64b
- SSDEEP
  
  384:6mqQilQhHeTnMGiyMTFU3nuj346arAF+rMRTyN/0L+EcoinblneHQM3epzXCNrnX:bLSMGxMTFUej4xrM+rMRa8NuA/t
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation