njrat | 8674766007c7aed0b73283fb5003c4df128699e9b8a2aa675f526b8de02e73d4 | Triage

Submit
Reports

Overview

overview

Static

static

8674766007...2A.exe

windows7-x64

8674766007...2A.exe

windows10-2004-x64

Sharing

General

Target

8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe
Size

10.2MB
Sample

220824-vs5jcsgfak
MD5

abcd86848dd2dce5fa3f8725091d34ab
SHA1

c25be8fbed6d715c0c3e7a00ee2e89985ce27d42
SHA256

8674766007c7aed0b73283fb5003c4df128699e9b8a2aa675f526b8de02e73d4
SHA512

fbf4cb838433a68717beba43a324d8fe1290a492f5538f2aa20e22cb14e1f38bb9a80240bb1699824441b5192eefc850bffe553a93388f73bb5dab6dc0647009
SSDEEP

196608:BeEbGXVnICteEroXxoczlxZV3Gu5D4S267ygEGPt2CS30j8kg8ETL0DWcjKdCra:gEOInEroXF14S2D7qcDnTLxca

Score

10^/10

njrat redline cheat hacked discovery evasion infostealer persistence pyinstaller spyware trojan

Static task

static1

pyinstaller redline njrat

4 signatures

Behavioral task

behavioral1

Sample

8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe

Resource

win7-20220812-en

njrat redline cheat hacked discovery evasion infostealer persistence pyinstaller spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe

Resource

win10v2004-20220812-en

njrat redline cheat hacked discovery evasion infostealer persistence pyinstaller spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

91.198.77.213:39963

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

172.93.231.202:5552

Mutex

dd7d6bc98a38de1b5ca51955ad0f1fec

Attributes

reg_key
dd7d6bc98a38de1b5ca51955ad0f1fec
splitter
|'|'|

Targets

- Target
  
  8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe
- Size
  
  10.2MB
- MD5
  
  abcd86848dd2dce5fa3f8725091d34ab
- SHA1
  
  c25be8fbed6d715c0c3e7a00ee2e89985ce27d42
- SHA256
  
  8674766007c7aed0b73283fb5003c4df128699e9b8a2aa675f526b8de02e73d4
- SHA512
  
  fbf4cb838433a68717beba43a324d8fe1290a492f5538f2aa20e22cb14e1f38bb9a80240bb1699824441b5192eefc850bffe553a93388f73bb5dab6dc0647009
- SSDEEP
  
  196608:BeEbGXVnICteEroXxoczlxZV3Gu5D4S267ygEGPt2CS30j8kg8ETL0DWcjKdCra:gEOInEroXF14S2D7qcDnTLxca
Score

10^/10

njrat redline cheat hacked discovery evasion infostealer persistence pyinstaller spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

pyinstallerredlinenjrat

behavioral1

njratredlinecheathackeddiscoveryevasioninfostealerpersistencepyinstallerspywaretrojan

behavioral2

njratredlinecheathackeddiscoveryevasioninfostealerpersistencepyinstallerspywaretrojan

© 2018-2024

Terms | Privacy