njrat | 6a57368ea33eb414da5c2bdd0e3a12c8d47575c44ba13a966bea162d4796b0c9

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2023 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eb49170e762d1d8745681e2157d8215.exe
Size

33KB
MD5

0eb49170e762d1d8745681e2157d8215
SHA1

0244d2f6e18bc6124f3a4153acb871c818a4db8b
SHA256

6a57368ea33eb414da5c2bdd0e3a12c8d47575c44ba13a966bea162d4796b0c9
SHA512

99ae0b41a752b6d15dd54bd9cefdca514e9b1a194014f798902242c8186c9f4edb849a35bdc36171c63e8fe057b5d603c264d192707d2afe3603ad230facad4d
SSDEEP

768:VvTSwH0f6lx8gcRfufYHGulkR23t+UG78iK1KB/9dZ:tSwH0fM8jS3R29nG4TgBF

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

OpenWith.exe0eb49170e762d1d8745681e2157d8215.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	0eb49170e762d1d8745681e2157d8215.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1760 OpenWith.exe

pid	process
1760	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\0eb49170e762d1d8745681e2157d8215.exe
"C:\Users\Admin\AppData\Local\Temp\0eb49170e762d1d8745681e2157d8215.exe"
1⤵
- Modifies registry class
PID:3704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1760

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3704-0-0x00007FFCFFE00000-0x00007FFD007A1000-memory.dmp

Filesize
9.6MB

Download
memory/3704-1-0x000000001B8A0000-0x000000001BD6E000-memory.dmp

Filesize
4.8MB

Download
memory/3704-3-0x0000000000D10000-0x0000000000D20000-memory.dmp

Filesize
64KB

Download
memory/3704-2-0x00007FFCFFE00000-0x00007FFD007A1000-memory.dmp

Filesize
9.6MB

Download
memory/3704-4-0x0000000000D00000-0x0000000000D16000-memory.dmp

Filesize
88KB

Download
memory/3704-5-0x000000001BD70000-0x000000001BE16000-memory.dmp

Filesize
664KB

Download
memory/3704-9-0x00007FFCFFE00000-0x00007FFD007A1000-memory.dmp

Filesize
9.6MB

Download