njrat | b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d | Triage

Submit
Reports

Overview

overview

Static

static

b324d5c2be...0d.exe

windows7-x64

b324d5c2be...0d.exe

windows10-2004-x64

Sharing

General

Target

b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d
Size

72KB
Sample

221128-xyamaaeb3t
MD5

f153785b749ab24f04b91bdd7a27b518
SHA1

cceafdded799e67ab690b4b81ded52afdd50f5cc
SHA256

b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d
SHA512

fe0a32ec3563d24ebfeee7c041954892161b28b36b4841598c4de0c38096a036edcd91d37cd1c3332a976537782bd3cb74fd4d317d20329f2297765ca9e8eaf6
SSDEEP

1536:FP7LRKwpWl+lzjSE/u3E1m/HX9dzb+m9L+27s:lo6jSEfwfX9dzDS27s

Score

10^/10

njrat microsoft persistence phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d.exe

Resource

win7-20220901-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d.exe

Resource

win10v2004-20220812-en

njrat microsoft persistence phishing trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d
- Size
  
  72KB
- MD5
  
  f153785b749ab24f04b91bdd7a27b518
- SHA1
  
  cceafdded799e67ab690b4b81ded52afdd50f5cc
- SHA256
  
  b324d5c2bee5030375b8e19b3e1c471ecff6a3c49fcec6938e2acb3e81bfaf0d
- SHA512
  
  fe0a32ec3563d24ebfeee7c041954892161b28b36b4841598c4de0c38096a036edcd91d37cd1c3332a976537782bd3cb74fd4d317d20329f2297765ca9e8eaf6
- SSDEEP
  
  1536:FP7LRKwpWl+lzjSE/u3E1m/HX9dzb+m9L+27s:lo6jSEfwfX9dzDS27s
Score

10^/10

njrat trojan microsoft persistence phishing
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratmicrosoftpersistencephishingtrojan

© 2018-2024

Terms | Privacy