njrat | f370694edebc6fea374b0ff45057d3d81d697422972c51ec9a27ab531cd39b3b | Triage

Submit
Reports

Overview

overview

Static

static

Extreme.In...31.exe

windows7-x64

Extreme.In...31.exe

windows10-2004-x64

Sharing

General

Target

Extreme.Injector.v2.4.5.-.by.master131.exe
Size

164KB
Sample

221205-yw3qqafa2v
MD5

2fd45c4572749ca9537fde2dadf1b8dd
SHA1

77fce1f2295d640962321c15e628f374525f6689
SHA256

f370694edebc6fea374b0ff45057d3d81d697422972c51ec9a27ab531cd39b3b
SHA512

7bfae6a212ddd96f58253960d5ddfdb217a1a39674e4927c43637a90466a841229303f080fbbce97e6dc30eb4b1b47909fa965072219ab6b35e7fd86e763a31f
SSDEEP

3072:hodc4/cHmSPrcerD+fR6DBBLzy7zRJZGuQkIJ4gRqE2uIE28uEwBZSZbM1hePf:mdHeDtUZabmO

Score

10^/10

njrat collection persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Extreme.Injector.v2.4.5.-.by.master131.exe

Resource

win7-20220901-en

njrat persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Extreme.Injector.v2.4.5.-.by.master131.exe

Resource

win10v2004-20220812-en

njrat collection persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Extreme.Injector.v2.4.5.-.by.master131.exe
- Size
  
  164KB
- MD5
  
  2fd45c4572749ca9537fde2dadf1b8dd
- SHA1
  
  77fce1f2295d640962321c15e628f374525f6689
- SHA256
  
  f370694edebc6fea374b0ff45057d3d81d697422972c51ec9a27ab531cd39b3b
- SHA512
  
  7bfae6a212ddd96f58253960d5ddfdb217a1a39674e4927c43637a90466a841229303f080fbbce97e6dc30eb4b1b47909fa965072219ab6b35e7fd86e763a31f
- SSDEEP
  
  3072:hodc4/cHmSPrcerD+fR6DBBLzy7zRJZGuQkIJ4gRqE2uIE28uEwBZSZbM1hePf:mdHeDtUZabmO
Score

10^/10

njrat persistence trojan collection spyware stealer
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratcollectionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy