njrat | 8b79e79f75578ab62d83e89b6bfaf5404fa868041b880995579f3cd6ae6f995e | Triage

Submit
Reports

Overview

overview

Static

static

5afd70d54c...93.exe

windows7_x64

5afd70d54c...93.exe

windows10_x64

Sharing

General

Target

5afd70d54cc4af7f236894d674842493
Size

776KB
Sample

211018-l1tmdsecen
MD5

5afd70d54cc4af7f236894d674842493
SHA1

6565657adebd3063ba85886e551e551b0bbd6fdb
SHA256

8b79e79f75578ab62d83e89b6bfaf5404fa868041b880995579f3cd6ae6f995e
SHA512

6fa7daafcd661d873bae7e092fab5c89f8a56978003d31b3b91eabc735e50ecc01b8e90f90fbcec193c0656f134b6ce69c98825cfbaeaa07a536ddc5eea641fa

Score

10^/10

njrat taurus batvoi evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5afd70d54cc4af7f236894d674842493.exe

Resource

win7-en-20211014

njrat taurus batvoi evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5afd70d54cc4af7f236894d674842493.exe

Resource

win10-en-20210920

njrat taurus batvoi evasion persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

Carbonblack2102

Botnet

batvoi

C2

1368.vnh.wtf:5552

Mutex

0de45b5c6627a3e65a4b2a1e68ec841b

Attributes

reg_key
0de45b5c6627a3e65a4b2a1e68ec841b
splitter
|'|'|

Targets

- Target
  
  5afd70d54cc4af7f236894d674842493
- Size
  
  776KB
- MD5
  
  5afd70d54cc4af7f236894d674842493
- SHA1
  
  6565657adebd3063ba85886e551e551b0bbd6fdb
- SHA256
  
  8b79e79f75578ab62d83e89b6bfaf5404fa868041b880995579f3cd6ae6f995e
- SHA512
  
  6fa7daafcd661d873bae7e092fab5c89f8a56978003d31b3b91eabc735e50ecc01b8e90f90fbcec193c0656f134b6ce69c98825cfbaeaa07a536ddc5eea641fa
Score

10^/10

njrat taurus batvoi evasion persistence spyware stealer trojan
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus
- Taurus Stealer Payload
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrattaurusbatvoievasionpersistencespywarestealertrojan

behavioral2

njrattaurusbatvoievasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy