njrat | 6b6c079401e47ab7c10a16fec31f9e330b3730f0e9f925caa43368b95a421b5e | Triage

Submit
Reports

Overview

overview

Static

static

b28f74c18b...1c.exe

windows7_x64

b28f74c18b...1c.exe

windows10_x64

Sharing

General

Target

b28f74c18bf85bea722d915ee65f5f1c.exe
Size

7.2MB
Sample

211222-md8y8sfcb7
MD5

b28f74c18bf85bea722d915ee65f5f1c
SHA1

fff14f1641964aa645eb79d8e85786b6bbc42664
SHA256

6b6c079401e47ab7c10a16fec31f9e330b3730f0e9f925caa43368b95a421b5e
SHA512

3b1eaa9ed38fd4498d92b66f048509be96376bbd1384c3bfa2471786ff395a95c87b64d6b6e730c91a56ac1afd1ba76bba01d4f30470e426f972e702be881825

Score

10^/10

njrat user evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b28f74c18bf85bea722d915ee65f5f1c.exe

Resource

win7-en-20211208

njrat user evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b28f74c18bf85bea722d915ee65f5f1c.exe

Resource

win10-en-20211208

njrat user evasion persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

user

C2

6.tcp.ngrok.io:18635

Mutex

f1772f647278bebfd846fd1a1dc56683

Attributes

reg_key
f1772f647278bebfd846fd1a1dc56683
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  b28f74c18bf85bea722d915ee65f5f1c.exe
- Size
  
  7.2MB
- MD5
  
  b28f74c18bf85bea722d915ee65f5f1c
- SHA1
  
  fff14f1641964aa645eb79d8e85786b6bbc42664
- SHA256
  
  6b6c079401e47ab7c10a16fec31f9e330b3730f0e9f925caa43368b95a421b5e
- SHA512
  
  3b1eaa9ed38fd4498d92b66f048509be96376bbd1384c3bfa2471786ff395a95c87b64d6b6e730c91a56ac1afd1ba76bba01d4f30470e426f972e702be881825
Score

10^/10

njrat user evasion trojan persistence upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratuserevasiontrojan

behavioral2

njratuserevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy