njrat | 1dbda519a644e4d68ce67947ada332f98f85b56bebfa8d9be86cb711466095ff

General

Target

Plague Crack.zip
Size

1.8MB
Sample

240710-nzv5yawdjl
MD5

3da6281c013338109d9014c7a7cbbda7
SHA1

f6fd34ad335a27004ddee1ca8fe14ff9e02e4c15
SHA256

1dbda519a644e4d68ce67947ada332f98f85b56bebfa8d9be86cb711466095ff
SHA512

56c885ceb5ae0d265cedbe1ea4ab107dd65f18739deb7d57dbf8267a946bbc63626124e2f2ee1219e40beaf3fa6dd6dc8f7d004091553bed4c133f2eb8b58f3c
SSDEEP

49152:lQG0HwB/vstPBDOLS9MQPC2Y1B8l/8ytcRR:uG0Kvst5DWPQMuX2R

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

sv_chost.exe

C2

192.168.176.1:6522

Mutex

d170bd0301e70420e220fb7a5c621fdf

Attributes

reg_key
d170bd0301e70420e220fb7a5c621fdf
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Plague crack/Client.exe
- Size
  
  31KB
- MD5
  
  390d34e903b86af3619fd35dd30378c6
- SHA1
  
  0e2fedee3f816ae525643dd61d3841c57f99803a
- SHA256
  
  d5a59b3315fce1989e6681262328e355f228a0691cef9b693d8b721c88830d1b
- SHA512
  
  410f7d82cc51fd5ef4aef8d2cecbaebd833d600f2d1c942846302a6cce3f9cdf9823fcfd9b9daa7cf1988eb07c36dc7e3a240eaad1f0d3315270031129a2cedd
- SSDEEP
  
  768:4DMXJwpJbb2zxxO5Y6qn+4isfvKwQmIDUu0tijMj:1kKW4isLQVkNj
Score

10^/10

njrat sv_chost.exe evasion persistence privilege_escalation trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Plague crack/Launcher.bat
- Size
  
  45B
- MD5
  
  23e45603d9174a3c459e0f776395fce2
- SHA1
  
  45401deff1d3c0b621e524950c94e8746b2a73d0
- SHA256
  
  69f1cff5fe133b95f7d1ecb31328136816f21d232758d47c4afff91ef27f42ce
- SHA512
  
  af0bdbd88d5d828707a69b472e591fa20a1b808c5fec10b018ef28e7cae58172b374974773d1befd98ee1e6985d9d4e8267ef4d03f4fd3e87faef10457a3ab85
Score

10^/10

njrat sv_chost.exe evasion persistence privilege_escalation trojan
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  Plague crack/Loader.exe
- Size
  
  2.5MB
- MD5
  
  63847b942967176de1c5f82f3955b75d
- SHA1
  
  01444058174d309899c4cf3795e8d5ba36a5df6c
- SHA256
  
  32935173c6abc5b6560dfa6eae736164f1ecf94849580b4ba36d9d1156815872
- SHA512
  
  438bad890dd9744fcebc2452d78ef56754bf2deac01d2462e34d3f33ff7e2f83ee9c2aadec7654f3764f647ee2bbf50c2e6f3aff67277e9b4813ca841f557a43
- SSDEEP
  
  49152:jzf6V1jqp9ekTDKSxfHLqY+xKkmyLW5RhM0glm:jzyV0pXfOtIFIlm
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6