Overview
overview: score 10
static: score 3
Njrat-main...a).exe (windows10-1703-x64): score 10
Njrat-main...a).exe (windows7-x64): score 7
Njrat-main...a).exe (windows10-2004-x64): score 8
Njrat-main...a).exe (windows11-21h2-x64): score 10
Njrat-main...23.exe (windows10-1703-x64): score 7
Njrat-main...23.exe (windows7-x64): score 7
Njrat-main...23.exe (windows10-2004-x64): score 7
Njrat-main...23.exe (windows11-21h2-x64): score 7

General
Target: swag-top-tier-cc.zip
Size: 19.4MB
Sample: 240526-m1enxage86
MD5: 0ff469bf1632b0434d593c4f5ea4fcc3
SHA1: 0b12515772566a94d14c315b581d65b130290507
SHA256: 2ce8cb36ecb4fd1fc004ac64495da7252223753658440fee143f9e6ce4b27d05
SHA512: d0e1b0bc9b0210bb3618939ac439202ce7a8f9d57863b07f1ccbef1649cba08a1927604dd2122b64398e769fe9f0b88b499b679cd832257449243fba22c108f4
SSDEEP: 393216:Ma2Y4WsznaBmWJVEUKp4x+eOqnehPW0Q4oRET6GC4DzaC96t4vgHN8kjdvClzVya:x5eTVWJVbKpOOU0Qdy52C9Vvi2kJvqzB

Static task: static1

Behavioral task: behavioral1
Sample: Njrat-main/NjRat 0.7D Green Edition by im523(Beta).exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: Njrat-main/NjRat 0.7D Green Edition by im523(Beta).exe
Resource: win7-20240419-en

Behavioral task: behavioral3
Sample: Njrat-main/NjRat 0.7D Green Edition by im523(Beta).exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral4
Sample: Njrat-main/NjRat 0.7D Green Edition by im523(Beta).exe
Resource: win11-20240426-en

Behavioral task: behavioral5
Sample: Njrat-main/NjRat 0.7D Green Edition by im523.exe
Resource: win10-20240404-en

Behavioral task: behavioral6
Sample: Njrat-main/NjRat 0.7D Green Edition by im523.exe
Resource: win7-20240221-en

Behavioral task: behavioral7
Sample: Njrat-main/NjRat 0.7D Green Edition by im523.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral8
Sample: Njrat-main/NjRat 0.7D Green Edition by im523.exe
Resource: win11-20240508-en

Malware Config
Extracted
njrat
im523
HacKed
211.207.79.105:5552
2a81185388a3eb0efef9527e7e78f7be
reg_key: 2a81185388a3eb0efef9527e7e78f7be
splitter: |'|'|

Targets

Target: Njrat-main/NjRat 0.7D Green Edition by im523(Beta).exe
Size: 1.7MB
MD5: 2d3f9951b531061af499f324ca30f3ce
SHA1: 090626c1013d4e30c182cddc881ef004b7289ede
SHA256: 7914abca942a21058ca87cf2e19366ce41204fa1085008cb890f5853bc852b2d
SHA512: e8ef728be7d9fb55b95b52e0c3e0e87d2a6e560ec5df309878b13c447e349bd2885f5fe1ef4075392bc242523fa7d74aea9607f48194cbc241a39ba04e9b03a5
SSDEEP: 49152:1UNixUNihxhA3333333333333QthBKthxeGlPAZwX:iiWijhA3333333333333QthIthxlPAZk
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL

Target: Njrat-main/NjRat 0.7D Green Edition by im523.exe
Size: 20.2MB
MD5: 348c0bd0ef7201d06bf159e115aa8260
SHA1: 86395b0584650b9741af89ba45432558479f8111
SHA256: 68028a6306c0343792b73783806e45c47b3b2c332580e6dd7c14efce4571f014
SHA512: 6f3bedf2e8c4cb91a496dcdc371dc19839e50a0308927039e29958f49f529324f6665f0a85a1b4bc2c6c23eee493fefbee8fa2f5fcc5000a64a600caedd21203
SSDEEP: 393216:z3333333333333qafiI6bReDy4HRamQ0qGCgVSfF+kxAb+nwSuPf06zMrqnoZHjP:z3333333333333NfklP4HRbQ0wuzjM6m
Score: 7/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)