njrat | 376c8edbafb727e3c48081ac3c6751dd6b73e73462c2a26794b37cd44be4344d | Triage

Submit
Reports

Overview

overview

Static

static

376C8EDBAF...2A.exe

windows7_x64

376C8EDBAF...2A.exe

windows10_x64

Sharing

General

Target

376C8EDBAFB727E3C48081AC3C6751DD6B73E73462C2A.exe
Size

93KB
Sample

211110-fbtm7sdear
MD5

9f9dbbcabdc0f57b9b0d2f81410f5b5f
SHA1

b524af77112c726613fac681ba93d174e5c31932
SHA256

376c8edbafb727e3c48081ac3c6751dd6b73e73462c2a26794b37cd44be4344d
SHA512

e8828f4caa5e325f51ed5cc07e40acbb807485bc28e7df55b11432972dcf28cd749ee543cb63bd4815919f4f24f94aa063acef9c994a5764562061ec9b8cf91b

Score

10^/10

njrat xmrig hacked evasion miner suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

376C8EDBAFB727E3C48081AC3C6751DD6B73E73462C2A.exe

Resource

win7-en-20211104

njrat xmrig hacked evasion miner suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

376C8EDBAFB727E3C48081AC3C6751DD6B73E73462C2A.exe

Resource

win10-en-20211104

njrat xmrig hacked evasion miner suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

FRANSESCOC50Y3Aubmdyb2suaW8Strik:MTIxNjE=

Mutex

854ee8c16d20a740152aef12b1a29af6

Attributes

reg_key
854ee8c16d20a740152aef12b1a29af6
splitter
|'|'|

Targets

- Target
  
  376C8EDBAFB727E3C48081AC3C6751DD6B73E73462C2A.exe
- Size
  
  93KB
- MD5
  
  9f9dbbcabdc0f57b9b0d2f81410f5b5f
- SHA1
  
  b524af77112c726613fac681ba93d174e5c31932
- SHA256
  
  376c8edbafb727e3c48081ac3c6751dd6b73e73462c2a26794b37cd44be4344d
- SHA512
  
  e8828f4caa5e325f51ed5cc07e40acbb807485bc28e7df55b11432972dcf28cd749ee543cb63bd4815919f4f24f94aa063acef9c994a5764562061ec9b8cf91b
Score

10^/10

njrat xmrig hacked evasion miner suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratxmrighackedevasionminersuricatatrojan

behavioral2

njratxmrighackedevasionminersuricatatrojan

© 2018-2024

Terms | Privacy