njrat | c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7

Analysis

max time kernel
7s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7.exe
Size

28KB
MD5

070366b1e13d0db607bf91ce11d3f1a0
SHA1

1b43ac3d2adb907cb22efef2c9e8ad6166a831a0
SHA256

c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7
SHA512

4a139242cf56c5d193d8daf8145dee890436bf9540d0c758aa7d1fc1868339cf6dec2a2361d08820286a9956cd7138fab6ba9537544b722c32470482aeb8a0f3
SSDEEP

384:MaFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzCZW:m74oqIjlLTAqM3eFBKh0p29SgREW

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

topsayed223.no-ip.biz:1177

Mutex

6af29fbbfed65718b18fac14bbf76b5c

Attributes

reg_key
6af29fbbfed65718b18fac14bbf76b5c
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
3092	netsh.exe

C:\Users\Admin\AppData\Local\Temp\c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7.exe
"C:\Users\Admin\AppData\Local\Temp\c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7.exe"
1⤵
PID:2920
- C:\Users\Admin\AppData\Roaming\Elsayed.exe
  "C:\Users\Admin\AppData\Roaming\Elsayed.exe"
  2⤵
  PID:4780

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Elsayed.exe" "Elsayed.exe" ENABLE
1⤵
- Modifies Windows Firewall
PID:3092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Elsayed.exe

Filesize
28KB

MD5
070366b1e13d0db607bf91ce11d3f1a0

SHA1
1b43ac3d2adb907cb22efef2c9e8ad6166a831a0

SHA256
c91ee9c3b3408d397b2fd36b4f09e715932fdd722a42829ef81451690f1844e7

SHA512
4a139242cf56c5d193d8daf8145dee890436bf9540d0c758aa7d1fc1868339cf6dec2a2361d08820286a9956cd7138fab6ba9537544b722c32470482aeb8a0f3

Download Submit
C:\Users\Admin\AppData\Roaming\Elsayed.exe

Filesize
18KB

MD5
5e2525622d2da3067469d0d669860f27

SHA1
a7e1b2d09a51b57053694e0e5d40df698aa32bf3

SHA256
65d22d9eab6db6e1e89c73d477eaad4591e12b984266a9db319d51cd17cd2d74

SHA512
6edd211faabfe14c4803658f41911dfa008b3335532d654f3b8930556503cc088a4e1b679c8a2b1481f5f1eff162636af78dd3db83ff3bff3135add95a959aa9

Download Submit
memory/2920-132-0x0000000074C60000-0x0000000075211000-memory.dmp

Filesize
5.7MB

Download
memory/2920-136-0x0000000074C60000-0x0000000075211000-memory.dmp

Filesize
5.7MB

Download
memory/4780-138-0x0000000074C60000-0x0000000075211000-memory.dmp

Filesize
5.7MB

Download