njrat | bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69 | Triage

Submit
Reports

Overview

overview

Static

static

bd0d8aaf3c...69.exe

windows7-x64

bd0d8aaf3c...69.exe

windows10-2004-x64

Sharing

General

Target

bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69
Size

425KB
Sample

240406-cqyzpaha8z
MD5

b9a55c795b8b1ea38fe9a8f4549f2762
SHA1

ad8ba6823cd36261f21527391ff32532ef3cbdb4
SHA256

bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69
SHA512

0ebc3b25ce7855cf0df78d6eb12adf07fc55e881d55d762e74f8638d3f9821e6e90a9daac10c8d71cf49f9ee084ffadd180c6728ab098a35c52755f64c063e01
SSDEEP

12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKz:brl6kD68JmlokQfttqY2Kz

Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69.exe

Resource

win7-20240221-en

njrat 14 mai generateur xbox evasion trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69.exe

Resource

win10v2004-20240319-en

njrat 14 mai generateur xbox trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

14 mai generateur xbox

C2

89.94.35.57:1604

Mutex

ef05e501c2e286164abf5fcaa961559f

Attributes

reg_key
ef05e501c2e286164abf5fcaa961559f
splitter
|'|'|

Targets

- Target
  
  bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69
- Size
  
  425KB
- MD5
  
  b9a55c795b8b1ea38fe9a8f4549f2762
- SHA1
  
  ad8ba6823cd36261f21527391ff32532ef3cbdb4
- SHA256
  
  bd0d8aaf3c8509f3170b3464a4949cf87a936c3fc1e3a16a2665b085a7046a69
- SHA512
  
  0ebc3b25ce7855cf0df78d6eb12adf07fc55e881d55d762e74f8638d3f9821e6e90a9daac10c8d71cf49f9ee084ffadd180c6728ab098a35c52755f64c063e01
- SSDEEP
  
  12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKz:brl6kD68JmlokQfttqY2Kz
Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- UPX dump on OEP (original entry point)
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat14 mai generateur xboxevasiontrojanupx

behavioral2

njrat14 mai generateur xboxtrojanupx

© 2018-2024

Terms | Privacy