njrat | 57221ac04e04d59c42bdc9ab1a4473332fa677d6e78d61f4d960873e1be7e41d | Triage

Submit
Reports

Overview

overview

Static

static

c07e66e4cc...02.exe

windows7-x64

c07e66e4cc...02.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c07e66e4cc164f062240866fde230002
Size

3.6MB
Sample

240311-nqkmvaba7v
MD5

c07e66e4cc164f062240866fde230002
SHA1

fbe38f60370b84a15d1394f990cc158e31bb1add
SHA256

57221ac04e04d59c42bdc9ab1a4473332fa677d6e78d61f4d960873e1be7e41d
SHA512

c991a906e6df62daba5aeb7ef09e5a0fe6480ccccdcd52f94dc9d1d7f4cae3c30869e0e9ef0bf7c5147bb236c6c65d63f199e7d8d82e2299a320ff0e476d6991
SSDEEP

98304:Er9JEsY0XN9Eflgzc2A8YyN2oQuf1O6QZO77hUJTlhXsAKV:sIPKN9EtgziyMUA6QCUJE

Score

10^/10

njrat zgrat evasion persistence rat trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

c07e66e4cc164f062240866fde230002.exe

Resource

win7-20240221-en

njrat zgrat evasion persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c07e66e4cc164f062240866fde230002.exe

Resource

win10v2004-20240226-en

njrat zgrat evasion persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c07e66e4cc164f062240866fde230002
- Size
  
  3.6MB
- MD5
  
  c07e66e4cc164f062240866fde230002
- SHA1
  
  fbe38f60370b84a15d1394f990cc158e31bb1add
- SHA256
  
  57221ac04e04d59c42bdc9ab1a4473332fa677d6e78d61f4d960873e1be7e41d
- SHA512
  
  c991a906e6df62daba5aeb7ef09e5a0fe6480ccccdcd52f94dc9d1d7f4cae3c30869e0e9ef0bf7c5147bb236c6c65d63f199e7d8d82e2299a320ff0e476d6991
- SSDEEP
  
  98304:Er9JEsY0XN9Eflgzc2A8YyN2oQuf1O6QZO77hUJTlhXsAKV:sIPKN9EtgziyMUA6QCUJE
Score

10^/10

njrat zgrat evasion persistence rat trojan
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratzgratevasionpersistencerattrojan

behavioral2

njratzgratevasionpersistencerattrojan

© 2018-2025

Terms | Privacy