njrat | 55ebf6e1cf3205a0856278c48d7db5ad8c09d6349dd4dacb2ba29e28414b3e5f | Triage

Submit
Reports

Overview

overview

Static

static

3

vir.exe

windows10-2004-x64

Sharing

General

Target

vir.exe
Size

88KB
Sample

230628-nnvp2aac7z
MD5

74b0eb7d15999dd0886e3a9b8616a5ca
SHA1

8ec77322cdd5a708e0aa22c830fe368770b12e6b
SHA256

55ebf6e1cf3205a0856278c48d7db5ad8c09d6349dd4dacb2ba29e28414b3e5f
SHA512

1e863277ef675dba35a3f1924b556f3980ad6f0cb1648e62e8ee1f8fec52eb752e5f6d757c28442e21f165f877562d6a8229cc276e30d80d79069f1e546a0779
SSDEEP

1536:s6GqLMyrR2t1Kz66wDCiX+ioXGAbhoZgmFcH0lGTnZKYWjFxCuxm9L:7L7rR2t1ooD+fnhoZgmFrGtEFxC/9L

Score

10^/10

njrat xworm backup rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

vir.exe

Resource

win10v2004-20230621-en

njrat xworm backup rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

opportunities-rendered.craft.ply.gg:39858

Attributes

install_file
ctfmon.exe

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

BackUp

C2

style-camps.craft.ply.gg:37572

Mutex

Text attrib corrector

Attributes

reg_key
Text attrib corrector
splitter
|Hassan|

Targets

- Target
  
  vir.exe
- Size
  
  88KB
- MD5
  
  74b0eb7d15999dd0886e3a9b8616a5ca
- SHA1
  
  8ec77322cdd5a708e0aa22c830fe368770b12e6b
- SHA256
  
  55ebf6e1cf3205a0856278c48d7db5ad8c09d6349dd4dacb2ba29e28414b3e5f
- SHA512
  
  1e863277ef675dba35a3f1924b556f3980ad6f0cb1648e62e8ee1f8fec52eb752e5f6d757c28442e21f165f877562d6a8229cc276e30d80d79069f1e546a0779
- SSDEEP
  
  1536:s6GqLMyrR2t1Kz66wDCiX+ioXGAbhoZgmFcH0lGTnZKYWjFxCuxm9L:7L7rR2t1ooD+fnhoZgmFrGtEFxC/9L
Score

10^/10

njrat xworm backup rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratxwormbackuprattrojan

© 2018-2024

Terms | Privacy