njrat | 6d498dd502299432d28c52c34726738dac6f0466e12caf4240e09231a00b0d01 | Triage

Sharing

General

Target

Server.exe
Size

93KB
Sample

250325-yse59avp17
MD5

b639b796e755ba9a04a6a5f2900fc084
SHA1

e1f8a378c4b2c46c873ae77453399b1e9dc01b14
SHA256

6d498dd502299432d28c52c34726738dac6f0466e12caf4240e09231a00b0d01
SHA512

cc0e3c2fc6bbc0fc0c4b490d46090b7ab4bc3538784bcfbad46d93b064a938c6d80ea20628eae2afcae74410477af7522ab7b00807a6dc991b372b8cdd99be9f
SSDEEP

1536:mU+8mGnrQr1EsOoYdsjEwzGi1dDmDFgS:mUvnrQr11r2i1doS

Score

10^/10

njrat runtim14531oker.exe defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Runtim14531oker.exe

C2

hakim32.ddns.net:2000

morning-ultimately.gl.at.ply.gg::14531

Mutex

18f92744a712890ce1a5852179df81aa

Attributes

reg_key
18f92744a712890ce1a5852179df81aa
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  93KB
- MD5
  
  b639b796e755ba9a04a6a5f2900fc084
- SHA1
  
  e1f8a378c4b2c46c873ae77453399b1e9dc01b14
- SHA256
  
  6d498dd502299432d28c52c34726738dac6f0466e12caf4240e09231a00b0d01
- SHA512
  
  cc0e3c2fc6bbc0fc0c4b490d46090b7ab4bc3538784bcfbad46d93b064a938c6d80ea20628eae2afcae74410477af7522ab7b00807a6dc991b372b8cdd99be9f
- SSDEEP
  
  1536:mU+8mGnrQr1EsOoYdsjEwzGi1dDmDFgS:mUvnrQr11r2i1doS
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

runtim14531oker.exenjrat

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation