njrat | 604c74ab831593a53bef2aed10ee5c62e90cb3f536ae513425128c4f37d47530 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

250301-wnb7paxqx5
MD5

7dfbdd1e016c33c9a440c03ad613c098
SHA1

1f62f66eab056aa5a5494ea4abbf756b7cc06c67
SHA256

604c74ab831593a53bef2aed10ee5c62e90cb3f536ae513425128c4f37d47530
SHA512

dd50674e3cb1b50623bf6c7fd467143ce50459996663dc6a568ce41d04f05ec35ed03d136874cf45fcef871776575fe2082a281b374f1bda223c9ca6ae810441
SSDEEP

1536:bU/r7EkrjaFIs7E5OxzJn8LjEwzGi1dDLDFgS:bU7jau5OVVni1drS

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

designed-circuit.gl.at.ply.gg:5555

Mutex

21708ce4f6dfec28a77d4a18ce385b58

Attributes

reg_key
21708ce4f6dfec28a77d4a18ce385b58
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  7dfbdd1e016c33c9a440c03ad613c098
- SHA1
  
  1f62f66eab056aa5a5494ea4abbf756b7cc06c67
- SHA256
  
  604c74ab831593a53bef2aed10ee5c62e90cb3f536ae513425128c4f37d47530
- SHA512
  
  dd50674e3cb1b50623bf6c7fd467143ce50459996663dc6a568ce41d04f05ec35ed03d136874cf45fcef871776575fe2082a281b374f1bda223c9ca6ae810441
- SSDEEP
  
  1536:bU/r7EkrjaFIs7E5OxzJn8LjEwzGi1dDLDFgS:bU7jau5OVVni1drS
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation