njrat | b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293 | Triage

Submit
Reports

Overview

overview

Static

static

b96212596f...93.exe

windows7-x64

b96212596f...93.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293
Size

425KB
Sample

240406-cjjlesha31
MD5

bc08200ca0ea5694d5588116624b6415
SHA1

abbc19cd44e7fbe8ae06a012bbc934b033a7e221
SHA256

b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293
SHA512

89461303aad84931941392107d73c91f5d0ecd20e461c5e0848d350bdc44258b239df1924371937274b7765a75a3ae9466c8e8d02e43afa150d8dd2e794429ba
SSDEEP

12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKC:brl6kD68JmlokQfttqY2KC

Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293.exe

Resource

win7-20240221-en

njrat 14 mai generateur xbox evasion trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293.exe

Resource

win10v2004-20240319-en

njrat 14 mai generateur xbox evasion trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

14 mai generateur xbox

C2

89.94.35.57:1604

Mutex

ef05e501c2e286164abf5fcaa961559f

Attributes

reg_key
ef05e501c2e286164abf5fcaa961559f
splitter
|'|'|

Targets

- Target
  
  b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293
- Size
  
  425KB
- MD5
  
  bc08200ca0ea5694d5588116624b6415
- SHA1
  
  abbc19cd44e7fbe8ae06a012bbc934b033a7e221
- SHA256
  
  b96212596ff9aed889c53e8493c5c5634bd4d9eaff9108e80b5249c35c21c293
- SHA512
  
  89461303aad84931941392107d73c91f5d0ecd20e461c5e0848d350bdc44258b239df1924371937274b7765a75a3ae9466c8e8d02e43afa150d8dd2e794429ba
- SSDEEP
  
  12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKC:brl6kD68JmlokQfttqY2KC
Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- UPX dump on OEP (original entry point)
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat14 mai generateur xboxevasiontrojanupx

behavioral2

njrat14 mai generateur xboxevasiontrojanupx

© 2018-2025

Terms | Privacy