njrat | 4c9a06f79b7bab68122b2d164b63523dceb0205d044c8d230bb758d7fc4729e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

983ffa6d57...30.exe

windows7-x64

983ffa6d57...30.exe

windows10-2004-x64

Sharing

General

Target

983ffa6d57f86647306da729613df330
Size

984KB
Sample

240213-cx7keacb52
MD5

983ffa6d57f86647306da729613df330
SHA1

9cbc4aa1b4f5566a7d8a9c508edc7cc96772c1c0
SHA256

4c9a06f79b7bab68122b2d164b63523dceb0205d044c8d230bb758d7fc4729e8
SHA512

90d5b58598e2e8a904363058441956df840cf75389bc8f89b28fe70fd8ef2c7c98c70928ac208002550a127affe57668692d18bc0dd5bdab6f5f2095ebdd6313
SSDEEP

12288:vz+MO8FsF87bhQxUKKKVxe8QuWtajt6iLq17BKGUEsLDw:b+MOQW87bhQxtVUwWa6iLe76Ei

Score

10^/10

njrat zgrat evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

983ffa6d57f86647306da729613df330.exe

Resource

win7-20231215-en

zgrat persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

983ffa6d57f86647306da729613df330.exe

Resource

win10v2004-20231215-en

njrat zgrat evasion persistence rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  983ffa6d57f86647306da729613df330
- Size
  
  984KB
- MD5
  
  983ffa6d57f86647306da729613df330
- SHA1
  
  9cbc4aa1b4f5566a7d8a9c508edc7cc96772c1c0
- SHA256
  
  4c9a06f79b7bab68122b2d164b63523dceb0205d044c8d230bb758d7fc4729e8
- SHA512
  
  90d5b58598e2e8a904363058441956df840cf75389bc8f89b28fe70fd8ef2c7c98c70928ac208002550a127affe57668692d18bc0dd5bdab6f5f2095ebdd6313
- SSDEEP
  
  12288:vz+MO8FsF87bhQxUKKKVxe8QuWtajt6iLq17BKGUEsLDw:b+MOQW87bhQxtVUwWa6iLe76Ei
Score

10^/10

zgrat persistence rat njrat evasion trojan
- Detect ZGRat V1
- Modifies WinLogon for persistence
  persistence
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zgratpersistencerat

behavioral2

njratzgratevasionpersistencerattrojan

© 2018-2025

Terms | Privacy