njrat | d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c | Triage

Submit
Reports

Overview

overview

Static

static

7

d02e88a87f...8c.exe

windows7-x64

d02e88a87f...8c.exe

windows10-2004-x64

Sharing

General

Target

d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
Size

240KB
Sample

221130-vpb3msce5x
MD5

b30fee632f6b18eb2ff5a49a4e5d7883
SHA1

550238b070088e906fa9ee2aa3477a1321498173
SHA256

d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
SHA512

28aae9d2412729144d757a489807cb8761abe5f0a93dd43ac3c41d6e03e8c5d67208feebcd421663fc794a26612e2554ed0f53ed583c45b1501e4e0748e8c826
SSDEEP

6144:de95/jDSDls2IN4vuSACO9yux887vyYlPEAOlfJO2EgFTuUB5aW:deyvKz92xhETUx

Score

10^/10

njrat hacked agilenet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c.exe

Resource

win7-20220901-en

njrat hacked agilenet evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c.exe

Resource

win10v2004-20221111-en

njrat hacked agilenet evasion persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

279f6960ed84a752570aca7fb2dc1552

Attributes

reg_key
279f6960ed84a752570aca7fb2dc1552
splitter
|'|'|

Targets

- Target
  
  d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
- Size
  
  240KB
- MD5
  
  b30fee632f6b18eb2ff5a49a4e5d7883
- SHA1
  
  550238b070088e906fa9ee2aa3477a1321498173
- SHA256
  
  d02e88a87f99105730981411b3dc00838ba8f93f7fee5d2294820e44d38ff28c
- SHA512
  
  28aae9d2412729144d757a489807cb8761abe5f0a93dd43ac3c41d6e03e8c5d67208feebcd421663fc794a26612e2554ed0f53ed583c45b1501e4e0748e8c826
- SSDEEP
  
  6144:de95/jDSDls2IN4vuSACO9yux887vyYlPEAOlfJO2EgFTuUB5aW:deyvKz92xhETUx
Score

10^/10

njrat hacked agilenet evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedagilenetevasionpersistencetrojan

behavioral2

njrathackedagilenetevasionpersistencetrojan

© 2018-2024

Terms | Privacy