njrat | 5e60c0da6dafe0657bb7e4992e57ec85f66bfe5e70c0dfc0a88330a2e1e064a9 | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

250225-ezq2jstqx8
MD5

cac9d95a45ee4a29f7210332417f3e8e
SHA1

25d10f531bd84274c8644880dcd310c7b0a4709c
SHA256

5e60c0da6dafe0657bb7e4992e57ec85f66bfe5e70c0dfc0a88330a2e1e064a9
SHA512

6bed1d183859627a69f09ecff48db1d45a1e09d79ca4dee68bf387f7de357371b6d06e60e53b890725386369683d3e68df8a5a1625f1bbace560437b9cee3209
SSDEEP

384:Q6l+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IMrAF+rMRTyN/0L+Eco3:Jcyw79POTUvNZYv6trM+rMRa8NuM3t

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

64.65.123.187:8953

Mutex

7ff806b5089a606d6b9c29f9cbdb46a6

Attributes

reg_key
7ff806b5089a606d6b9c29f9cbdb46a6
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  cac9d95a45ee4a29f7210332417f3e8e
- SHA1
  
  25d10f531bd84274c8644880dcd310c7b0a4709c
- SHA256
  
  5e60c0da6dafe0657bb7e4992e57ec85f66bfe5e70c0dfc0a88330a2e1e064a9
- SHA512
  
  6bed1d183859627a69f09ecff48db1d45a1e09d79ca4dee68bf387f7de357371b6d06e60e53b890725386369683d3e68df8a5a1625f1bbace560437b9cee3209
- SSDEEP
  
  384:Q6l+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IMrAF+rMRTyN/0L+Eco3:Jcyw79POTUvNZYv6trM+rMRa8NuM3t
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation