njrat | 2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed | Triage

Submit
Reports

Overview

overview

Static

static

2b60c561ad...ed.exe

windows7-x64

2b60c561ad...ed.exe

windows10-2004-x64

Sharing

General

Target

2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed
Size

840KB
Sample

221123-v69egaea2x
MD5

7c969a7c3b1f4d6920c7ee6ddf165db1
SHA1

a68ed8f0d4326f78d5b80bd99766e817108ff9ae
SHA256

2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed
SHA512

6ec1a236fd307e215c042b2b9753c24abab65300f29df689be53b0e9ed7faf868d6083f5d434b8bd6d0704315d46d57e9b8cc6b26373bda9b6cd7ff9e6d677e0
SSDEEP

24576:yQZ3mQR8jblVrDEwwFPPiTGQrYdel2D3E1BoDJe56:bZlEblBZwFHaYc1Ce56

Score

10^/10

njrat john microsoft persistence phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed.exe

Resource

win7-20220901-en

njrat john trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed.exe

Resource

win10v2004-20220812-en

njrat john microsoft persistence phishing trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

john

C2

174.127.99.249:1177

Mutex

820a2113c7eb31ee7bb301083496cceb

Attributes

reg_key
820a2113c7eb31ee7bb301083496cceb
splitter
|'|'|

Targets

- Target
  
  2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed
- Size
  
  840KB
- MD5
  
  7c969a7c3b1f4d6920c7ee6ddf165db1
- SHA1
  
  a68ed8f0d4326f78d5b80bd99766e817108ff9ae
- SHA256
  
  2b60c561adf618dfa344b55b05492d57a0970c19d08cab5c6e04ab3ee50c10ed
- SHA512
  
  6ec1a236fd307e215c042b2b9753c24abab65300f29df689be53b0e9ed7faf868d6083f5d434b8bd6d0704315d46d57e9b8cc6b26373bda9b6cd7ff9e6d677e0
- SSDEEP
  
  24576:yQZ3mQR8jblVrDEwwFPPiTGQrYdel2D3E1BoDJe56:bZlEblBZwFHaYc1Ce56
Score

10^/10

njrat john trojan microsoft persistence phishing
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratjohntrojan

behavioral2

njratjohnmicrosoftpersistencephishingtrojan

© 2018-2024

Terms | Privacy