njrat | af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa | Triage

Submit
Reports

Overview

overview

Static

static

af8fd5644c...aa.exe

windows7-x64

af8fd5644c...aa.exe

windows10-2004-x64

Sharing

General

Target

af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa
Size

425KB
Sample

240420-byxadsch97
MD5

806051b6314f9755dec606f8d6955eb4
SHA1

7e2dbf2455bcca31dfe5193f01d7fee823455ab9
SHA256

af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa
SHA512

565ccfebf333ff6fe6dfbf0fdc086f91cab95d62242a1b9927d8ca131bba36132839094c1694be5814edceda37be2afc6c4da9b2291c37ef36d0df5e05dcca45
SSDEEP

12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKj:brl6kD68JmlokQfttqY2Kj

Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa.exe

Resource

win7-20240221-en

njrat 14 mai generateur xbox evasion trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa.exe

Resource

win10v2004-20240412-en

njrat 14 mai generateur xbox evasion trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

14 mai generateur xbox

C2

89.94.35.57:1604

Mutex

ef05e501c2e286164abf5fcaa961559f

Attributes

reg_key
ef05e501c2e286164abf5fcaa961559f
splitter
|'|'|

Targets

- Target
  
  af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa
- Size
  
  425KB
- MD5
  
  806051b6314f9755dec606f8d6955eb4
- SHA1
  
  7e2dbf2455bcca31dfe5193f01d7fee823455ab9
- SHA256
  
  af8fd5644cdd7ebbc3ed179352923760e6950c633a6a322d628191ab2e9a64aa
- SHA512
  
  565ccfebf333ff6fe6dfbf0fdc086f91cab95d62242a1b9927d8ca131bba36132839094c1694be5814edceda37be2afc6c4da9b2291c37ef36d0df5e05dcca45
- SSDEEP
  
  12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKj:brl6kD68JmlokQfttqY2Kj
Score

10^/10

njrat 14 mai generateur xbox evasion trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- UPX dump on OEP (original entry point)
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrat14 mai generateur xboxevasiontrojanupx

behavioral2

njrat14 mai generateur xboxevasiontrojanupx

© 2018-2024

Terms | Privacy