njrat | cb9036f98e1865c5b9d4a82f76fc60176bf6353ee3e1a41d72c198bf992cd19d | Triage

Submit
Reports

Overview

overview

Static

static

vir.exe

windows11-21h2-x64

7

Sharing

General

Target

vir.exe
Size

36.9MB
Sample

240524-ac9sxseb6x
MD5

2d4e021175d1b6bbee51be15e9bec384
SHA1

24256916b2c654a4c9055f0e1e6fe423654310f0
SHA256

cb9036f98e1865c5b9d4a82f76fc60176bf6353ee3e1a41d72c198bf992cd19d
SHA512

cbbf62fa974781192db459c546b5cd575d59ec528e04a63a8f7d8eb3fabec810ddef5c41d854aac4633fea0a36129b1a263540b38d0f77594799aa5af90d448d
SSDEEP

786432:J4RerlLa3nbEwrkACTe6YQbjGEhM6XHXkvj:aulW3bEoALHUr

Score

10^/10

njrat quasar umbral link pdf upx

Static task

static1

pdf link quasar umbral njrat

8 signatures

Behavioral task

behavioral1

Sample

vir.exe

Resource

win11-20240426-en

windows11-21h2-x64

17 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  vir.exe
- Size
  
  36.9MB
- MD5
  
  2d4e021175d1b6bbee51be15e9bec384
- SHA1
  
  24256916b2c654a4c9055f0e1e6fe423654310f0
- SHA256
  
  cb9036f98e1865c5b9d4a82f76fc60176bf6353ee3e1a41d72c198bf992cd19d
- SHA512
  
  cbbf62fa974781192db459c546b5cd575d59ec528e04a63a8f7d8eb3fabec810ddef5c41d854aac4633fea0a36129b1a263540b38d0f77594799aa5af90d448d
- SSDEEP
  
  786432:J4RerlLa3nbEwrkACTe6YQbjGEhM6XHXkvj:aulW3bEoALHUr
Score

7^/10

upx
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdflinkquasarumbralnjrat

behavioral1

© 2018-2024

Terms | Privacy