njrat | cedfea0974aceb19d6c47fcd22c2082b57813bc8615cb5f5b505f19703ea6173 | Triage

Submit
Reports

Overview

overview

Static

static

Windows Se...in.exe

windows7_x64

Windows Se...in.exe

windows10_x64

Sharing

General

Target

Windows Security Health Service.bin.zip
Size

298KB
Sample

210925-3xj28aeaf7
MD5

c875240e28332c2051dd6e5be257af53
SHA1

e6ef1da4c5889282702e3e745a828ab5c170968c
SHA256

cedfea0974aceb19d6c47fcd22c2082b57813bc8615cb5f5b505f19703ea6173
SHA512

f0602e7d88e7df2b5925bbeca3ddf33e44276aff28496c926e84594b31bc462415af3c5e0fdd394952443a01416e37259a45bafb0770c3fa42498a0768d765e8

Score

10^/10

njrat hacked agilenet persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Windows Security Health Service.bin.exe

Resource

win7-en-20210920

njrat hacked agilenet persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Windows Security Health Service.bin.exe

Resource

win10v20210408

njrat hacked agilenet persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

blackhacked.ddns.net:5555

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Windows Security Health Service.bin
- Size
  
  595KB
- MD5
  
  ba38fee6928359b14d6ab46fd1c6a2e2
- SHA1
  
  d0ffbbdb618a86af97c9a37f8d506cff3b91e377
- SHA256
  
  1cc94a68355afc41f13a6c6136b0d0d212f33a92e1f53a51075f05d49f541310
- SHA512
  
  c1b9650c75a777455e4b8e21e5b01fbf7457928ab4545f5fc74d589da3c27d4ebf7c334c2d9bb5334c401cbf1a8fb68569eded934613799ba018b2261caf3a74
Score

10^/10

njrat hacked agilenet persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedagilenetpersistencetrojan

behavioral2

njrathackedagilenetpersistencetrojan

© 2018-2024

Terms | Privacy