General
-
Target
NjRat.0.7D.zip
-
Size
9.2MB
-
Sample
240315-cqf4wagb79
-
MD5
6a4984809b0b295b75d8a52095a70f73
-
SHA1
5b7fd2737d6f7c5541c17704534f7602f7465b8d
-
SHA256
902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96
-
SHA512
f54954b82b36c57604960c020e5674e413ca61a61111290c1712036d1f00175f1263967c5ce3674c5d28e606d3c06013d0d331faba24a3a1d77bd38429f22a1d
-
SSDEEP
196608:p3uLx63wJLFj37EL6GnrrrpPFXXmwB15EiuVnaUrHBB9UB:p4x+Gj3gXrr19Gwr+aQFm
Static task
static1
Behavioral task
behavioral1
Sample
NjRat 0.7D.exe
Resource
win10-20240221-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:6522
d2319c4fe39ba9c40104010969686b29
-
reg_key
d2319c4fe39ba9c40104010969686b29
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
NjRat 0.7D.exe
-
Size
8.5MB
-
MD5
70ea9c044c9a766330d3fe77418244a5
-
SHA1
18602d0db52917b88cbdab84ba89181e6fd4686a
-
SHA256
b78fb092e151db613cba51d7f2532547e48c6f4712809a485f272e2ab55776a5
-
SHA512
5261865e7ca21e928b956a97518366c9dc218a2312961e0ba0b72b37ae7c797176382de3c3dc1d2949aca51c3db330562f1087a71efdc7c3c3b8f8928872f917
-
SSDEEP
98304:cn9aRMDoMu2EW5nnim//7uvwCt5tuo32v:cni6nnim//7uVtF
Score10/10-
Modifies Windows Firewall
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1