njrat | 48d2deb6157a8365171fb07e8b41e1cb2ae6a2757f30814d8501c231484a4077 | Triage

Submit
Reports

Overview

overview

Static

static

niga.exe

windows10-1703-x64

niga.exe

windows7-x64

niga.exe

windows10-2004-x64

Resubmissions

09-04-2023 18:07

230409-wqq4macc86 10

09-04-2023 17:52

230409-wf5h9scc37 10

Sharing

General

Target

niga.exe
Size

69KB
Sample

230409-wf5h9scc37
MD5

78cfee5877e0dc8298c063852d986fce
SHA1

772af76ebad5d0a9b186b88bfe248d137587ab42
SHA256

48d2deb6157a8365171fb07e8b41e1cb2ae6a2757f30814d8501c231484a4077
SHA512

c002c1d88a3dbc72190e22bb0ebf3f502a8126b43704c083f114add555707a4b0c480e0af8b4edd9a1043137f9e5c4e33a6d8dcd84de716bebc932bb38a20f85
SSDEEP

1536:VMHzzWTpYHzC8tIi0HchALTvbsbvA3teOWTkuLPZ9b3mrcxug0ZdRaEX1iNyaF97:VMHHWTpYHzC8t5aceLTAbvcwkWR9bPuI

Score

10^/10

njrat redline hacked bootkit infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

niga.exe

Resource

win10-20230220-en

njrat redline hacked bootkit infostealer persistence stealer trojan

windows10-1703-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

niga.exe

Resource

win7-20230220-en

njrat hacked trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

niga.exe

Resource

win10v2004-20230220-en

njrat redline hacked infostealer stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:31440

Mutex

win64.exe

Attributes

reg_key
win64.exe
splitter
|Ghost|

Targets

- Target
  
  niga.exe
- Size
  
  69KB
- MD5
  
  78cfee5877e0dc8298c063852d986fce
- SHA1
  
  772af76ebad5d0a9b186b88bfe248d137587ab42
- SHA256
  
  48d2deb6157a8365171fb07e8b41e1cb2ae6a2757f30814d8501c231484a4077
- SHA512
  
  c002c1d88a3dbc72190e22bb0ebf3f502a8126b43704c083f114add555707a4b0c480e0af8b4edd9a1043137f9e5c4e33a6d8dcd84de716bebc932bb38a20f85
- SSDEEP
  
  1536:VMHzzWTpYHzC8tIi0HchALTvbsbvA3teOWTkuLPZ9b3mrcxug0ZdRaEX1iNyaF97:VMHHWTpYHzC8t5aceLTAbvcwkWR9bPuI
Score

10^/10

njrat redline hacked bootkit infostealer persistence stealer trojan
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratredlinehackedbootkitinfostealerpersistencestealertrojan

behavioral2

njrathackedtrojan

behavioral3

njratredlinehackedinfostealerstealertrojan

© 2018-2024

Terms | Privacy