njrat | 468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4 | Triage

Submit
Reports

Overview

overview

Static

static

5

468c50e0e0...c4.exe

windows7_x64

468c50e0e0...c4.exe

windows10-2004_x64

Sharing

General

Target

468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
Size

911KB
Sample

220707-kclq7sbaa2
MD5

5643f0b2bfcabcad1801cbd8037a0ead
SHA1

32501f11788468078d43eee8b5766b297924b40a
SHA256

468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
SHA512

7f7b16e18a2fb871eea08664d36d07aa72fb9d090e3ec96c03068745eabb9562ec8910b061f4c9919dbdd8da185685bd82a1b19b1bf85d109d03a00d569d732e

Score

10^/10

njrat jan_22xploit evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4.exe

Resource

win7-20220414-en

njrat jan_22xploit evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4.exe

Resource

win10v2004-20220414-en

njrat jan_22xploit evasion trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Jan_22Xploit

C2

drkao2.publicvm.com:8577

Mutex

8fdfddc4763d800aac6ad954e6478bcd

Attributes

reg_key
8fdfddc4763d800aac6ad954e6478bcd
splitter
|'|'|

Targets

- Target
  
  468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
- Size
  
  911KB
- MD5
  
  5643f0b2bfcabcad1801cbd8037a0ead
- SHA1
  
  32501f11788468078d43eee8b5766b297924b40a
- SHA256
  
  468c50e0e09f85a3c79e8cb5c74863e52ff3482eb2f01904727572795aad8ec4
- SHA512
  
  7f7b16e18a2fb871eea08664d36d07aa72fb9d090e3ec96c03068745eabb9562ec8910b061f4c9919dbdd8da185685bd82a1b19b1bf85d109d03a00d569d732e
Score

10^/10

njrat jan_22xploit evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratjan_22xploitevasiontrojan

behavioral2

njratjan_22xploitevasiontrojan

© 2018-2024

Terms | Privacy