njrat | 6977bf2c439cf1b242f161a6ed881e630a43cc52079a41cb17daa52af0906460 | Triage

Sharing

General

Target

Desktop.rar
Size

32KB
Sample

250403-j1px4asybz
MD5

fa74acf4fccc82452b85a3a30f42e5fa
SHA1

8f8c8bde12d198014f8f9dd9707ecd5e4247be83
SHA256

6977bf2c439cf1b242f161a6ed881e630a43cc52079a41cb17daa52af0906460
SHA512

7eb78967e23e59cc3ffc40079966160a301c4f899154d45ac72db1ccab9e84028d791e4492db87e4e57cf2a8f374aa5f10354427de594d356d21a59ded27d93b
SSDEEP

768:RbCH9lunhJhsmA5wOns35OM2/M0ty0Ox9Giy:5CzchJ7A+r35OMCM0t7Ox9w

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

ksmj.ddns.net:1493

211.178.25.134:1493

Mutex

3ad1e9739c9a4090463fd61e32132dc1

Attributes

reg_key
3ad1e9739c9a4090463fd61e32132dc1
splitter
|'|'|

Targets

- Target
  
  1.exe
- Size
  
  37KB
- MD5
  
  f6ef1394d63000703c43e8665f0954bd
- SHA1
  
  87ffc35db067d25e01e250c2b8fb7ea952780c91
- SHA256
  
  e1010ce81a4480153b6b0b9c60153988e8372812597636e593874bed4ce35459
- SHA512
  
  6c1b45b4e99917c7067951b13bf2171193619a31606dabd69135662d9f9f12a750c301c2c4e3cf2d0496f025dc203c1cf43c98b0774edd499d099971ade91673
- SSDEEP
  
  384:D6M+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IxrAF+rMRTyN/0L+Eco8:ODyw79POTUvNZYv64rM+rMRa8Nu9+ut
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1
- Target
  
  2.exe
- Size
  
  37KB
- MD5
  
  7a3c76859c6214a1e4684bef2f2c48b9
- SHA1
  
  92f83cac4574ca11c24fed6cda219e4b27068bba
- SHA256
  
  c3fd2a04a522f771dc85a5b16166f2ac2fe48389cbb58d42602ce32b90ff73fd
- SHA512
  
  b87b70cea0e498c310d64315e9fd3cdffa71f329cfc8bd125c7b488300de7a00b3e5a9712be0cc63f4b1c58d8d62547a5e295c41f8a822279c7a43b81e0eb2e2
- SSDEEP
  
  384:eeL8CT0i9NdTe/kCOyU7NuvLmDPM+7rAF+rMRTyN/0L+EcoinblneHQM3epzXcNZ:zLhT1CFU7NuKbMgrM+rMRa8NuOdt
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalation