njrat | 0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143 | Triage

Submit
Reports

Overview

overview

Static

static

A81N2M36C_...PT.exe

windows7_x64

Sharing

General

Target

A81N2M36C_INV0ICE_RECEIPT.exe
Size

679KB
Sample

220113-1eecxacfb9
MD5

ba79aabe98bf01d3f35359a9332be48f
SHA1

0dbca5bfa445fca16f31bddfe3be23b1a41a80c0
SHA256

0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143
SHA512

ad16e94537e80d6a185c6be021eb3b459e204fcc424366d89b222849f60ba00478335a036e66c197609f9a77161b093f7240c7ef1d699ff842fd9289d6e828d3

Score

10^/10

njrat hacked evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

A81N2M36C_INV0ICE_RECEIPT.exe

Resource

win7-en-20211208

njrat hacked evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  A81N2M36C_INV0ICE_RECEIPT.exe
- Size
  
  679KB
- MD5
  
  ba79aabe98bf01d3f35359a9332be48f
- SHA1
  
  0dbca5bfa445fca16f31bddfe3be23b1a41a80c0
- SHA256
  
  0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143
- SHA512
  
  ad16e94537e80d6a185c6be021eb3b459e204fcc424366d89b222849f60ba00478335a036e66c197609f9a77161b093f7240c7ef1d699ff842fd9289d6e828d3
Score

10^/10

njrat hacked evasion persistence trojan
- Windows security bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

© 2018-2024

Terms | Privacy