njrat | 1761ef28bbe1f98687df84d540798d65f53975b23683140d3241f0f0cd784d85 | Triage

Submit
Reports

Overview

overview

Static

static

Payload.exe

windows10-2004-x64

Resubmissions

12/01/2023, 14:38

230112-rzz1nsca7s 10

12/01/2023, 14:17

230112-rl6lasgc34 10

Sharing

Copy URL Twitter E-mail

General

Target

Payload.exe
Size

625KB
Sample

230112-rl6lasgc34
MD5

0dc00c7f7ab8e1d8d5a31d1756479e6f
SHA1

54390f6d36d141ba00b32bb9759cbfe499f38a84
SHA256

1761ef28bbe1f98687df84d540798d65f53975b23683140d3241f0f0cd784d85
SHA512

f430b7d63d8543dc341f5871afad2cc45c4c3e75cb47c345f20820fe7505c10ad8deb5e049fbbaf81a76e8e3c3cc0fcca3f7ef70f6b593529e84ebe622dcb494
SSDEEP

3072:NElc+orpNuOBo22K87Rt6LYDD++8i6YSG9jVmse3KU08E5WyK+W+Ay6T2Q1Ddshp:CWtrZzCt6LYDp8+SG9CAK+WznSYaN

Score

10^/10

njrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payload.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payload.exe
- Size
  
  625KB
- MD5
  
  0dc00c7f7ab8e1d8d5a31d1756479e6f
- SHA1
  
  54390f6d36d141ba00b32bb9759cbfe499f38a84
- SHA256
  
  1761ef28bbe1f98687df84d540798d65f53975b23683140d3241f0f0cd784d85
- SHA512
  
  f430b7d63d8543dc341f5871afad2cc45c4c3e75cb47c345f20820fe7505c10ad8deb5e049fbbaf81a76e8e3c3cc0fcca3f7ef70f6b593529e84ebe622dcb494
- SSDEEP
  
  3072:NElc+orpNuOBo22K87Rt6LYDD++8i6YSG9jVmse3KU08E5WyK+W+Ay6T2Q1Ddshp:CWtrZzCt6LYDp8+SG9CAK+WznSYaN
Score

10^/10

njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy