njrat | 57bcf27847de89d157295113eda30a0a844e41cb93d058e03e45c66dd759b091 | Triage

Sharing

General

Target

Server.exe
Size

37KB
Sample

250403-j671vswjw2
MD5

af3987fa1d2f6bd3534c1e9159e75ee5
SHA1

1e4630ba996567ed16226a10fecaffaa14ab9519
SHA256

57bcf27847de89d157295113eda30a0a844e41cb93d058e03e45c66dd759b091
SHA512

f95657b16e0b8e23643375b4fc8b52cdae19e3994a895830b900de9cfbb41247f07cff91793320793c2bb0152317870936b45005ed38ac075c1998bc962aac81
SSDEEP

384:FeL8CT0i9NdTe/kCOyU7NuvLmDPM+7rAF+rMRTyN/0L+EcoinblneHQM3epzXcN+:ELhT1CFU7NuKbMgrM+rMRa8NuOAt

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

211.178.25.134:1493

Mutex

dd26d5a13ce8b755443113d781bff4f7

Attributes

reg_key
dd26d5a13ce8b755443113d781bff4f7
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  37KB
- MD5
  
  af3987fa1d2f6bd3534c1e9159e75ee5
- SHA1
  
  1e4630ba996567ed16226a10fecaffaa14ab9519
- SHA256
  
  57bcf27847de89d157295113eda30a0a844e41cb93d058e03e45c66dd759b091
- SHA512
  
  f95657b16e0b8e23643375b4fc8b52cdae19e3994a895830b900de9cfbb41247f07cff91793320793c2bb0152317870936b45005ed38ac075c1998bc962aac81
- SSDEEP
  
  384:FeL8CT0i9NdTe/kCOyU7NuvLmDPM+7rAF+rMRTyN/0L+EcoinblneHQM3epzXcN+:ELhT1CFU7NuKbMgrM+rMRa8NuOAt
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation