njrat | 6b01e64b3574a313f2f8e1e42ce93b5444a3e99d66138aebddf7c3e3b81c601d | Triage

Submit
Reports

Overview

overview

Static

static

3

194961e6ef...18.exe

windows7-x64

194961e6ef...18.exe

windows10-2004-x64

Sharing

General

Target

194961e6ef4f3310336d23d78cb7357c_JaffaCakes118
Size

463KB
Sample

240505-z3ywsahb73
MD5

194961e6ef4f3310336d23d78cb7357c
SHA1

2f016cd2b88b716fad0b1352abda350aa567004f
SHA256

6b01e64b3574a313f2f8e1e42ce93b5444a3e99d66138aebddf7c3e3b81c601d
SHA512

517218b0fc5b530a32974f3eb34f78c533b86cade7965739084d2ddec001b0d3dd8e40d23397f471664e43677ac772befc490df10adfb91a231dd3e893f026d5
SSDEEP

6144:AnSbvnbjUwnkx1kcw3llt8ix50Ki1asiBKFABnyYwRXiO73knJxH4:A8DEkL8obnmi0kJ54

Score

10^/10

njrat zgrat agilenet persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

194961e6ef4f3310336d23d78cb7357c_JaffaCakes118.exe

Resource

win7-20231129-en

njrat zgrat agilenet persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

194961e6ef4f3310336d23d78cb7357c_JaffaCakes118.exe

Resource

win10v2004-20240419-en

njrat zgrat agilenet persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  194961e6ef4f3310336d23d78cb7357c_JaffaCakes118
- Size
  
  463KB
- MD5
  
  194961e6ef4f3310336d23d78cb7357c
- SHA1
  
  2f016cd2b88b716fad0b1352abda350aa567004f
- SHA256
  
  6b01e64b3574a313f2f8e1e42ce93b5444a3e99d66138aebddf7c3e3b81c601d
- SHA512
  
  517218b0fc5b530a32974f3eb34f78c533b86cade7965739084d2ddec001b0d3dd8e40d23397f471664e43677ac772befc490df10adfb91a231dd3e893f026d5
- SSDEEP
  
  6144:AnSbvnbjUwnkx1kcw3llt8ix50Ki1asiBKFABnyYwRXiO73knJxH4:A8DEkL8obnmi0kJ54
Score

10^/10

njrat zgrat agilenet persistence rat trojan
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratzgratagilenetpersistencerattrojan

behavioral2

njratzgratagilenetpersistencerattrojan

© 2018-2024

Terms | Privacy