njrat | a14adf3e5aa8fec3cfc100666185c53b5d67f706f17a1506672fd091c763df9a | Triage

Submit
Reports

Overview

overview

Static

static

1f07a7b203...9e.exe

windows7_x64

1f07a7b203...9e.exe

windows10_x64

Sharing

General

Target

1f07a7b203282b0ca58115fe2d75c99e
Size

1.3MB
Sample

211211-mbyqgscebp
MD5

1f07a7b203282b0ca58115fe2d75c99e
SHA1

6ed3158f23986d32347e3e82098f8139a50c9711
SHA256

a14adf3e5aa8fec3cfc100666185c53b5d67f706f17a1506672fd091c763df9a
SHA512

1e4703c2f4a48a401fbbbbb9bd8d02f359b4fc13f45b4b830ba0b7050fffe06740a90069c2e536f6b7b9b2d2695f171b8342d729438c25fa00269e3df6cc2d60

Score

10^/10

njrat xmrig hacked evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

1f07a7b203282b0ca58115fe2d75c99e.exe

Resource

win7-en-20211208

njrat xmrig hacked evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1f07a7b203282b0ca58115fe2d75c99e.exe

Resource

win10-en-20211208

njrat xmrig hacked evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

danielgomesb.hopto.org:5552

Mutex

3b8f970743bdfa6173bc9a1d9725d148

Attributes

reg_key
3b8f970743bdfa6173bc9a1d9725d148
splitter
|'|'|

Targets

- Target
  
  1f07a7b203282b0ca58115fe2d75c99e
- Size
  
  1.3MB
- MD5
  
  1f07a7b203282b0ca58115fe2d75c99e
- SHA1
  
  6ed3158f23986d32347e3e82098f8139a50c9711
- SHA256
  
  a14adf3e5aa8fec3cfc100666185c53b5d67f706f17a1506672fd091c763df9a
- SHA512
  
  1e4703c2f4a48a401fbbbbb9bd8d02f359b4fc13f45b4b830ba0b7050fffe06740a90069c2e536f6b7b9b2d2695f171b8342d729438c25fa00269e3df6cc2d60
Score

10^/10

njrat xmrig hacked evasion miner persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratxmrighackedevasionminerpersistencetrojan

behavioral2

njratxmrighackedevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy