njrat | cc51fd756b80ed81ee15de579a2d61242a339de120f50bb39dd2301fd4e02405 | Triage

Submit
Reports

Overview

overview

Static

static

2021-04-22 RFQ.exe

windows7_x64

2021-04-22 RFQ.exe

windows10_x64

Sharing

General

Target

2021-04-22 RFQ.exe
Size

328KB
Sample

210422-av81j3j1z2
MD5

b29cb4fb6d8c783a980e0a9b1204ada2
SHA1

a0aa15dbbd56f6c1a7d64c979b7cc2b824723f59
SHA256

cc51fd756b80ed81ee15de579a2d61242a339de120f50bb39dd2301fd4e02405
SHA512

47c65b3a2e1983393821ee762c4b6164203a707262dfe1a46c449f567db2d0b063c4c4ce00453ed7ed56af42b82db291e0dda2e51ef0fa2128ef5bb1ed4b6b9a

Score

10^/10

njrat 2021$$$agilenet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

2021-04-22 RFQ.exe

Resource

win7v20210410

njrat 2021$$$agilenet evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2021-04-22 RFQ.exe

Resource

win10v20210410

njrat 2021$$$agilenet evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2021$$$

C2

194.5.98.210:4040

Mutex

0ef5de3f5b1fb89677ba03e41fa0a05a

Attributes

reg_key
0ef5de3f5b1fb89677ba03e41fa0a05a
splitter
|'|'|

Targets

- Target
  
  2021-04-22 RFQ.exe
- Size
  
  328KB
- MD5
  
  b29cb4fb6d8c783a980e0a9b1204ada2
- SHA1
  
  a0aa15dbbd56f6c1a7d64c979b7cc2b824723f59
- SHA256
  
  cc51fd756b80ed81ee15de579a2d61242a339de120f50bb39dd2301fd4e02405
- SHA512
  
  47c65b3a2e1983393821ee762c4b6164203a707262dfe1a46c449f567db2d0b063c4c4ce00453ed7ed56af42b82db291e0dda2e51ef0fa2128ef5bb1ed4b6b9a
Score

10^/10

njrat 2021$$$agilenet evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat2021$$$agilenetevasionpersistencetrojan

behavioral2

njrat2021$$$agilenetevasionpersistencetrojan

© 2018-2024

Terms | Privacy