njrat | 8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18 | Triage

Submit
Reports

Overview

overview

Static

static

5

8d58ff7038...18.exe

windows7-x64

8d58ff7038...18.exe

windows10-2004-x64

Sharing

General

Target

8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
Size

738KB
Sample

221125-yvbwlsca25
MD5

1ee9c22dc830a95763067c33f8473e52
SHA1

70ab9235f7dffbcce9b2f9828412c9c44ab47a38
SHA256

8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
SHA512

409124e9ab2794437b809b872f3fc07b2520ac79568844b0e5f541281378ad1a4449727093e39e3582d65c0a13b093549beb63bceeeea0b889ee7f2b29817ca4
SSDEEP

12288:jLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QS1BVbbWQ:3fmMv6Ckr7Mny5QsFZ

Score

10^/10

njrat hacked microsoft persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18.exe

Resource

win7-20220901-en

njrat hacked persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18.exe

Resource

win10v2004-20220812-en

njrat hacked microsoft persistence phishing trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

suspended.duckdns.org:5552

Mutex

ca324c664c8ab38c5267b9c2353adf44

Attributes

reg_key
ca324c664c8ab38c5267b9c2353adf44
splitter
|'|'|

Targets

- Target
  
  8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
- Size
  
  738KB
- MD5
  
  1ee9c22dc830a95763067c33f8473e52
- SHA1
  
  70ab9235f7dffbcce9b2f9828412c9c44ab47a38
- SHA256
  
  8d58ff703865de576957f3f41ff6a909fc032c384c502cb4f8a6a345d433ac18
- SHA512
  
  409124e9ab2794437b809b872f3fc07b2520ac79568844b0e5f541281378ad1a4449727093e39e3582d65c0a13b093549beb63bceeeea0b889ee7f2b29817ca4
- SSDEEP
  
  12288:jLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QS1BVbbWQ:3fmMv6Ckr7Mny5QsFZ
Score

10^/10

njrat hacked persistence trojan microsoft phishing
- Modifies WinLogon for persistence
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedmicrosoftpersistencephishingtrojan

© 2018-2024

Terms | Privacy