njrat | 97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7 | Triage

Submit
Reports

Overview

overview

Static

static

97068a4238...c7.exe

windows7_x64

97068a4238...c7.exe

windows10-2004_x64

Sharing

General

Target

97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7
Size

19.2MB
Sample

220324-2gbkgacack
MD5

52a0cd270cdec3c8e884b2c26d93da60
SHA1

00b2d7cf85a7905fa6905b693cc5940bc12464ed
SHA256

97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7
SHA512

c74169ee90682378296ffa2649da3a065295f13390de5bacf643ddc0a1449e8cbe5168451587a27c323260cb7943332cad2075427664faf72ea0a89e508aa0ee

Score

10^/10

njrat hacked by hidden person persistence pyinstaller trojan

Static task

static1

Behavioral task

behavioral1

Sample

97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7.exe

Resource

win7-20220311-en

njrat hacked by hidden person persistence pyinstaller trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7.exe

Resource

win10v2004-en-20220113

njrat hacked by hidden person persistence pyinstaller trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

f61357b8b080724a5c9d83bf17ac5a23

Attributes

reg_key
f61357b8b080724a5c9d83bf17ac5a23

Targets

- Target
  
  97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7
- Size
  
  19.2MB
- MD5
  
  52a0cd270cdec3c8e884b2c26d93da60
- SHA1
  
  00b2d7cf85a7905fa6905b693cc5940bc12464ed
- SHA256
  
  97068a4238e0c80d004ecc1cc654c54ec37f46d553dfc1f2a036cf554d832ac7
- SHA512
  
  c74169ee90682378296ffa2649da3a065295f13390de5bacf643ddc0a1449e8cbe5168451587a27c323260cb7943332cad2075427664faf72ea0a89e508aa0ee
Score

10^/10

njrat hacked by hidden person persistence pyinstaller trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by hidden personpersistencepyinstallertrojan

behavioral2

njrathacked by hidden personpersistencepyinstallertrojan

© 2018-2024

Terms | Privacy