njrat | 30d4b3fc02e8bfc676c5aee3ec5bfdb69c40f83ef6bb64af62396ae566bb6bd7 | Triage

Submit
Reports

Overview

overview

Static

static

3

-.exe

windows10-2004-x64

Sharing

General

Target

-.exe
Size

132KB
Sample

230628-hgqjvahe6y
MD5

4f7b1a6855a843967e822d8cb179f87f
SHA1

7a37a02e373181b12ddd87770eba5b11224b7de4
SHA256

30d4b3fc02e8bfc676c5aee3ec5bfdb69c40f83ef6bb64af62396ae566bb6bd7
SHA512

c868f4e23f5e168e573ed20186c2f1ad07b64f158458e40b5ef478e0cc669bda5884351f063c519c51f60e39adac1c3b553fffafcc413d5f944e16d5de688a72
SSDEEP

3072:kX68wORs3S7rN+v6ZuxUNiMPjD7f4GBakBRIE9T:kX3Rs38oSIxIH7gGrBd9

Score

10^/10

njrat xworm backup rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

-.exe

Resource

win10v2004-20230621-en

njrat xworm backup rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

opportunities-rendered.craft.ply.gg:39858

Attributes

install_file
audiodg.exe

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

BackUp

C2

style-camps.craft.ply.gg:37572

Mutex

Text attrib corrector

Attributes

reg_key
Text attrib corrector
splitter
|Hassan|

Targets

- Target
  
  -.exe
- Size
  
  132KB
- MD5
  
  4f7b1a6855a843967e822d8cb179f87f
- SHA1
  
  7a37a02e373181b12ddd87770eba5b11224b7de4
- SHA256
  
  30d4b3fc02e8bfc676c5aee3ec5bfdb69c40f83ef6bb64af62396ae566bb6bd7
- SHA512
  
  c868f4e23f5e168e573ed20186c2f1ad07b64f158458e40b5ef478e0cc669bda5884351f063c519c51f60e39adac1c3b553fffafcc413d5f944e16d5de688a72
- SSDEEP
  
  3072:kX68wORs3S7rN+v6ZuxUNiMPjD7f4GBakBRIE9T:kX3Rs38oSIxIH7gGrBd9
Score

10^/10

njrat xworm backup rat trojan upx
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratxwormbackuprattrojanupx

© 2018-2024

Terms | Privacy