njrat | 570883baaf5872e7c0a9ee6d002d9f45ce30a67280d8fef5108c25c75d5926e4 | Triage

Sharing

General

Target

1930cd7e01213647c755ea2b95d1e86c.exe
Size

93KB
Sample

250228-2lpb5a1tgz
MD5

1930cd7e01213647c755ea2b95d1e86c
SHA1

dde1bb1e917a866075d0c02efaec9e0004c3c39f
SHA256

570883baaf5872e7c0a9ee6d002d9f45ce30a67280d8fef5108c25c75d5926e4
SHA512

b958ba45a33392bd68f0c8e639a30dec843d18ec576a4c69fa72fa428eea351cd9c9ee2cc65be2f42b0a7ef5c4ed0800e4304f1aebe5dedd482710b749c9ae75
SSDEEP

1536:SSmC+xhUa9urgOB9RNvM4jEwzGi1dDzD7gS:SSgUa9urgONdGi1dD0

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hacked

C2

hakim32.ddns.net:2000

2.49.150.25:5552

Mutex

7c85d3a0042d7fdde706358eeead3c25

Attributes

reg_key
7c85d3a0042d7fdde706358eeead3c25
splitter
|'|'|

Targets

- Target
  
  1930cd7e01213647c755ea2b95d1e86c.exe
- Size
  
  93KB
- MD5
  
  1930cd7e01213647c755ea2b95d1e86c
- SHA1
  
  dde1bb1e917a866075d0c02efaec9e0004c3c39f
- SHA256
  
  570883baaf5872e7c0a9ee6d002d9f45ce30a67280d8fef5108c25c75d5926e4
- SHA512
  
  b958ba45a33392bd68f0c8e639a30dec843d18ec576a4c69fa72fa428eea351cd9c9ee2cc65be2f42b0a7ef5c4ed0800e4304f1aebe5dedd482710b749c9ae75
- SSDEEP
  
  1536:SSmC+xhUa9urgOB9RNvM4jEwzGi1dDzD7gS:SSgUa9urgONdGi1dD0
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation