njrat | d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d | Triage

Submit
Reports

Overview

overview

Static

static

D5CF874963...24.exe

windows7_x64

D5CF874963...24.exe

windows10_x64

Sharing

General

Target

D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe
Size

93KB
Sample

210916-v65raagfhp
MD5

6bce1d7caa5f71ca7d4620296fc9d775
SHA1

c4af16a65dbdb2a17fe4c3e4811d953c5d501808
SHA256

d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d
SHA512

49a0cf6b7faa0fd314ac9fdf8813733e797c5d2c8182d47947e9af793ae6c926b1a58c7a9e3bacc1b661b72f9804214d848630c27eb26cc24b25d7f99aeb4408

Score

10^/10

njrat xmrig hacked evasion miner suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe

Resource

win7v20210408

njrat xmrig hacked evasion miner suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe

Resource

win10-en

njrat xmrig hacked evasion miner suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

OC50Y3Aubmdyb2suaW8Strik:MTUxMTQg

Mutex

e482830431b4f84bd1e9ebb6982c8a62

Attributes

reg_key
e482830431b4f84bd1e9ebb6982c8a62
splitter
|'|'|

Targets

- Target
  
  D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe
- Size
  
  93KB
- MD5
  
  6bce1d7caa5f71ca7d4620296fc9d775
- SHA1
  
  c4af16a65dbdb2a17fe4c3e4811d953c5d501808
- SHA256
  
  d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d
- SHA512
  
  49a0cf6b7faa0fd314ac9fdf8813733e797c5d2c8182d47947e9af793ae6c926b1a58c7a9e3bacc1b661b72f9804214d848630c27eb26cc24b25d7f99aeb4408
Score

10^/10

njrat xmrig hacked evasion miner suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratxmrighackedevasionminersuricatatrojan

behavioral2

njratxmrighackedevasionminersuricatatrojan

© 2018-2024

Terms | Privacy