njrat | e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca | Triage

Submit
Reports

Overview

overview

Static

static

e1707f3697...ca.exe

windows7_x64

e1707f3697...ca.exe

windows10_x64

Sharing

General

Target

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca
Size

396KB
Sample

210914-hcypnafba9
MD5

656436be4766884dd8fe86631f7d101a
SHA1

e527e92099388b0d77a556449ec2a3d3cdb71fbc
SHA256

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca
SHA512

b81b3efc74cd7bf4d0209b94711bf62d48d4507451c5c1fc8bda4be564eca74837e110646b1122d1d2805d2bf3400f43056bd082d9ac378d0d2ac5d29f6e0c3a

Score

10^/10

njrat evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca.exe

Resource

win7v20210408

njrat evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca.exe

Resource

win10-en

njrat evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca
- Size
  
  396KB
- MD5
  
  656436be4766884dd8fe86631f7d101a
- SHA1
  
  e527e92099388b0d77a556449ec2a3d3cdb71fbc
- SHA256
  
  e1707f3697443452ed3ebff0b477f13bf3a19a48a4b397fba55baaf7133f6fca
- SHA512
  
  b81b3efc74cd7bf4d0209b94711bf62d48d4507451c5c1fc8bda4be564eca74837e110646b1122d1d2805d2bf3400f43056bd082d9ac378d0d2ac5d29f6e0c3a
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan

© 2018-2024

Terms | Privacy