njrat | bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb | Triage

Submit
Reports

Overview

overview

Static

static

5

bc1610960a...fb.exe

windows7-x64

bc1610960a...fb.exe

windows10-2004-x64

Sharing

General

Target

bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb
Size

743KB
Sample

221126-jkl69sfg5x
MD5

517de090656321d2f34f03300bf1303d
SHA1

49b24cfef234818374ca8be036dfe3b788a5432a
SHA256

bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb
SHA512

d59ca5ca3d391bb262227f44b5ff5b432a5b393b2f8cece4a3614c8e74f65ae6d751411cabb5f83844f78c106af1ed86b53de4ecec8a5f513dabcb67e1d0e500
SSDEEP

12288:jLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QS1BVILcS:3fmMv6Ckr7Mny5QsSB

Score

10^/10

njrat microsoft persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb.exe

Resource

win7-20220812-en

njrat persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb.exe

Resource

win10v2004-20220812-en

microsoft persistence phishing

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb
- Size
  
  743KB
- MD5
  
  517de090656321d2f34f03300bf1303d
- SHA1
  
  49b24cfef234818374ca8be036dfe3b788a5432a
- SHA256
  
  bc1610960a9115f448e6f41cae197d2c7705db3c5a949de5ae7eaff6fdb5e0fb
- SHA512
  
  d59ca5ca3d391bb262227f44b5ff5b432a5b393b2f8cece4a3614c8e74f65ae6d751411cabb5f83844f78c106af1ed86b53de4ecec8a5f513dabcb67e1d0e500
- SSDEEP
  
  12288:jLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QS1BVILcS:3fmMv6Ckr7Mny5QsSB
Score

10^/10

njrat persistence trojan microsoft phishing
- Modifies WinLogon for persistence
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy