njrat | 6ae78f6d033a71828e1c27fbc946eb2e54bbb1bbaf54f541bcb89b4923d4baf8

General

Target

rdr2_cheat.rar
Size

4.5MB
Sample

210417-j91s5g6ss2
MD5

4c765ea7c77b78157630b2eb6b15338b
SHA1

6cafcfb6e3ab32fd6365f292972fe8c3899cd861
SHA256

6ae78f6d033a71828e1c27fbc946eb2e54bbb1bbaf54f541bcb89b4923d4baf8
SHA512

69d60fb7a8dbc247f56cb6c72e86107bd9d24e7fc3ad591e1ed537cfe1c331fbf71a52c05c7b2c9c47788724657b8df5f5df408ab958fc86895226fcf0200113

Score

10^/10

Malware Config

Targets

- Target
  
  Xenos/Xenos.exe
- Size
  
  2.7MB
- MD5
  
  5ace881a1b19ebadba5a61e54a09ace6
- SHA1
  
  49c128c18def94c80dbe88252e7314de4a11bdcc
- SHA256
  
  9d87b177d70801208016cd051a5d64ad806812e3a88d1620ec988eb4b9ef2757
- SHA512
  
  3a921ab09a84b68e4fd99ad20787c14bbfde6cc109f13e3cc0c390592cd065753d3e58f185ba51862b5355b5e67127a998cdf6fc401e713f3f22086e4ac2a057
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Xenos/Xenos64.exe
- Size
  
  1.7MB
- MD5
  
  60353054a7bc4c9ed8189bc4f5086eb0
- SHA1
  
  a787aed5e3ecb6986fd7dc6eb240342c74e9709a
- SHA256
  
  6040f88011800fb52b4ec898d15060960b290165876ea27e1cb9b75b19a1f545
- SHA512
  
  35e531c9fa92b10180d4d81728c093b51dbd6c1b5e24f3a2bab0b98d10d7cafd3889fb0582f0f45c90a005bd7cf01406dd589c2a8ecb3f5e587989749e4ea272
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4