njrat | 7d90fa7177f0bcfca722fcdb80465b1299b9abbe60a66cc1a43511cb723c480f

General

Target

NEAS.fa44f7c033b1c0a2f3bc565b211e3be0.exe
Size

425KB
Sample

231106-x8a1ssde9z
MD5

fa44f7c033b1c0a2f3bc565b211e3be0
SHA1

36155a36f6a303b87cad27b2349b0646ed9aad75
SHA256

7d90fa7177f0bcfca722fcdb80465b1299b9abbe60a66cc1a43511cb723c480f
SHA512

ce1906af4ff2c024ba927880c4be387cf3c0b4bb2813065d9e583af58cd8e7a3286e91de4ff883a029b57b61dd46f9101d426086674466bd625e9194b2456047
SSDEEP

12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKE:brl6kD68JmlokQfttqY2KE

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

14 mai generateur xbox

C2

89.94.35.57:1604

Mutex

ef05e501c2e286164abf5fcaa961559f

Attributes

reg_key
ef05e501c2e286164abf5fcaa961559f
splitter
|'|'|

Targets

- Target
  
  NEAS.fa44f7c033b1c0a2f3bc565b211e3be0.exe
- Size
  
  425KB
- MD5
  
  fa44f7c033b1c0a2f3bc565b211e3be0
- SHA1
  
  36155a36f6a303b87cad27b2349b0646ed9aad75
- SHA256
  
  7d90fa7177f0bcfca722fcdb80465b1299b9abbe60a66cc1a43511cb723c480f
- SHA512
  
  ce1906af4ff2c024ba927880c4be387cf3c0b4bb2813065d9e583af58cd8e7a3286e91de4ff883a029b57b61dd46f9101d426086674466bd625e9194b2456047
- SSDEEP
  
  12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKE:brl6kD68JmlokQfttqY2KE
Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1

T1543

Windows Service

1

T1543.003

Privilege Escalation

Create or Modify System Process

1

T1543

Windows Service

1

T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Modifies Windows Firewall

UPX packed file

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2