njrat | 902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96

General

Target

NjRat.0.7D.zip
Size

9.2MB
Sample

240401-lhnnesba93
MD5

6a4984809b0b295b75d8a52095a70f73
SHA1

5b7fd2737d6f7c5541c17704534f7602f7465b8d
SHA256

902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96
SHA512

f54954b82b36c57604960c020e5674e413ca61a61111290c1712036d1f00175f1263967c5ce3674c5d28e606d3c06013d0d331faba24a3a1d77bd38429f22a1d
SSDEEP

196608:p3uLx63wJLFj37EL6GnrrrpPFXXmwB15EiuVnaUrHBB9UB:p4x+Gj3gXrr19Gwr+aQFm

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

5.39.43.50:3678

Mutex

71ec706f3e4bd1ac038f06be71b22fc9

Attributes

reg_key
71ec706f3e4bd1ac038f06be71b22fc9
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  NjRat 0.7D.exe
- Size
  
  8.5MB
- MD5
  
  70ea9c044c9a766330d3fe77418244a5
- SHA1
  
  18602d0db52917b88cbdab84ba89181e6fd4686a
- SHA256
  
  b78fb092e151db613cba51d7f2532547e48c6f4712809a485f272e2ab55776a5
- SHA512
  
  5261865e7ca21e928b956a97518366c9dc218a2312961e0ba0b72b37ae7c797176382de3c3dc1d2949aca51c3db330562f1087a71efdc7c3c3b8f8928872f917
- SSDEEP
  
  98304:cn9aRMDoMu2EW5nnim//7uvwCt5tuo32v:cni6nnim//7uVtF
Score

10^/10

njrat mybot evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  Plugin/cam.dll
- Size
  
  99KB
- MD5
  
  8ce3060686462fc72ece2701caa13e3b
- SHA1
  
  19fc9892200de4db332ddd0c14b4b6fd9a35ccd4
- SHA256
  
  881d5afb9aa4799c73e75dcd28587dba85dd844e4137287ea48c6b66525e2638
- SHA512
  
  ef38e00b054240a0d4747bfd79db860015ed027735c360de58af6889a69482109ccf74770608a2750542457ac38aa79367431ff6ca77fae44d7e3a7023f33a17
- SSDEEP
  
  3072:31IL2SeOPGmBUMqtZabredepzZxgUPWeJP3:w2Sm/MqueepzZxgQW
Score

1^/10
behavioral2
- Target
  
  Plugin/ch.dll
- Size
  
  45KB
- MD5
  
  2fe4b9dbd31f83faa7aa1c692ba4d3a2
- SHA1
  
  1b3c03e29302a0f07acb4af306a7ad42ea4827dd
- SHA256
  
  3c088df7119c494e3df95af42456225f4dab1c3abe003869f8c79afb0993b027
- SHA512
  
  cd169dc1d2d5cf0f538334b8ac31817ea1a4e2c8c0faca6a715c63eb4aa464e8aaa4f6b10fe030f46a37ab18a1cd6fe099c662c727e107cb87ada1a8218bc5fb
- SSDEEP
  
  768:FjTkCC7kDA87eqVlviNDkpI/pDwxRcNDRQt40BthZWMaGOQKgB22T:dkCC7kDA87eqVlviNo2hkxmRRQthBt3O
Score

1^/10
behavioral3
- Target
  
  Plugin/mic.dll
- Size
  
  77KB
- MD5
  
  9b376f0d44995ca15d43f7943a602fb2
- SHA1
  
  18a2bb7d13836256bd5f39089203f18d740669d5
- SHA256
  
  27528a77e27d02aadecabfdf658b2da638bb0ca2f2c60bdd9d0fd5338c1fc346
- SHA512
  
  4dfb0c49816e0d0c2f7d0d76081725bd48d3713506ec51ac6c06ae7092908d14e3683d707d6f332505163fb0ade0ee6b50a355cd69c25725e829ebb23a3e93b2
- SSDEEP
  
  1536:ZAwSxproATOoeQHshYNR1zTTxqPbKhOCjXKem:TSxpr/KoemAYxTTxqj
Score

1^/10
behavioral4
- Target
  
  Plugin/plg.dll
- Size
  
  65KB
- MD5
  
  c179e212316f26ce9325a8d80d936666
- SHA1
  
  14d08b3cda60341d1e9187fc14bd64ebefe4a5b6
- SHA256
  
  13043521ed6876edf2736fc46a7c49e6b639cfa7a866ca11de26f119796cd521
- SHA512
  
  1b5eb687a9932c82ab2e655dbc5df8ba667a023e7568dbbd13c503a54661763193bde11937f87e2e09b88d770c8357eda07589d526e6103db058038e3ce3b750
- SSDEEP
  
  768:rVRKgRFKn3N5U2jNGUyXWI9Yi1s0sbtAEsz8CjBMiPs2T:pR3R895Npyhn1sBbtPsz8C9P
Score

1^/10
behavioral5
- Target
  
  Plugin/pw.dll
- Size
  
  284KB
- MD5
  
  ac43720c43dcf90b2d57d746464ad574
- SHA1
  
  eae39df1c717ca74f6f04d5ca8478ea55145535a
- SHA256
  
  ca6367d1ab873a55ced13d7024c530bbe4a6a703813225233e59041c7ce14eaa
- SHA512
  
  9082b3cd8b36031256923c8f2bed628e9331129bbf09d111d9d02268a49e493248e5638ddee5b02da66e9159a608f8f26499ca0f736d6a369a30f71950c60d40
- SSDEEP
  
  6144:QxY714e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO:7ZxJ/JmSG9T8CEgdM
Score

1^/10
behavioral6
- Target
  
  Plugin/sc2.dll
- Size
  
  46KB
- MD5
  
  2d65bc3bff4a5d31b59f5bdf6e6311d7
- SHA1
  
  43962fbeb93fc267fb1c7036a12b8c5d6f40c28a
- SHA256
  
  010b1ec566be774a2d12146f9826aa31fd7eb6ffe7b45ce5e572b2d8c7f815c3
- SHA512
  
  b210d447cc9b4b89402a2a1d3d5e9cfe13ae897c47094be4110ed3aac109152c8a45ec138f73b703e7d3799934234cba4ca3f2439b3dd193a4cec671b9edaa6a
- SSDEEP
  
  768:mtAX1G0UYRxIDbYDGN5/eoK79QlRfe2AfgFTMBku2T:mtAFZUYA/uW2x9CJe2BFQB
Score

1^/10
behavioral7
- Target
  
  WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral8