njrat | 76f7d049dcc9d1ce18c0a6e9ecdb1330a4cc3c01338a4048a8d0801a0d54cf52 | Triage

Submit
Reports

Overview

overview

Static

static

lol.exe

windows10-2004-x64

Sharing

General

Target

lol.exe
Size

9.2MB
Sample

240523-rvzjcaed2z
MD5

d34b17e6ea6ac4905395e642fccb4b41
SHA1

28077dd98405dc4d81ab23a5d4b8d3bd1641c1f7
SHA256

76f7d049dcc9d1ce18c0a6e9ecdb1330a4cc3c01338a4048a8d0801a0d54cf52
SHA512

db566fa061db5592329fe2719c4083c8c8d17f032f7f6a36c899c3c9aa02a4766edc4711547b0ad6bc8e6cb4d61d10a3961850fe9a8993bf5f4f2da617ee3909
SSDEEP

196608:tbVYKe7PTQhn5EQ9hNQAYzA5k6cTWDn7JKObS09BBI3:pzuQ5EWheYkv8LlB23

Score

10^/10

njrat umbral evasion persistence stealer trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

lol.exe

Resource

win10v2004-20240426-en

njrat umbral evasion persistence stealer trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  lol.exe
- Size
  
  9.2MB
- MD5
  
  d34b17e6ea6ac4905395e642fccb4b41
- SHA1
  
  28077dd98405dc4d81ab23a5d4b8d3bd1641c1f7
- SHA256
  
  76f7d049dcc9d1ce18c0a6e9ecdb1330a4cc3c01338a4048a8d0801a0d54cf52
- SHA512
  
  db566fa061db5592329fe2719c4083c8c8d17f032f7f6a36c899c3c9aa02a4766edc4711547b0ad6bc8e6cb4d61d10a3961850fe9a8993bf5f4f2da617ee3909
- SSDEEP
  
  196608:tbVYKe7PTQhn5EQ9hNQAYzA5k6cTWDn7JKObS09BBI3:pzuQ5EWheYkv8LlB23
Score

10^/10

njrat umbral evasion persistence stealer trojan
- Detect Umbral payload
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratumbralevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy