njrat | 32442d2c9761778c83e858ad1c526b1e43d7a6525151088c5ec790ef693dc250 | Triage

Sharing

General

Target

54.exe
Size

37KB
Sample

250403-j7729aszcv
MD5

24da20d341d8876b6346e9d32078f670
SHA1

3c34aa2d297f4d70007c08e3097af9fbba71b1e0
SHA256

32442d2c9761778c83e858ad1c526b1e43d7a6525151088c5ec790ef693dc250
SHA512

b75ca39c36a4a9342ad46b46248c23f955f21e2f20e3609705a98342b20d336aa9e0ab56891538ff4b5c139053e89b022f2b310f717f9c720b3ca8f55a217614
SSDEEP

384:s6U+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IxrAF+rMRTyN/0L+EcoO:tryw79POTUvNZYv64rM+rMRa8Nu9+Yt

Score

10^/10

njrat hacked defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

ksmj.ddns.net:1493

Mutex

3ad1e9739c9a4090463fd61e32132dc1

Attributes

reg_key
3ad1e9739c9a4090463fd61e32132dc1
splitter
|'|'|

Targets

- Target
  
  54.exe
- Size
  
  37KB
- MD5
  
  24da20d341d8876b6346e9d32078f670
- SHA1
  
  3c34aa2d297f4d70007c08e3097af9fbba71b1e0
- SHA256
  
  32442d2c9761778c83e858ad1c526b1e43d7a6525151088c5ec790ef693dc250
- SHA512
  
  b75ca39c36a4a9342ad46b46248c23f955f21e2f20e3609705a98342b20d336aa9e0ab56891538ff4b5c139053e89b022f2b310f717f9c720b3ca8f55a217614
- SSDEEP
  
  384:s6U+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RYJ/oM6IxrAF+rMRTyN/0L+EcoO:tryw79POTUvNZYv64rM+rMRa8Nu9+Yt
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Modifies Windows Firewall
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation