Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://example.com

windows10-1703-x64

10

Resubmissions

16-07-2024 00:52

240716-a7538axekq 10

16-07-2024 00:38

240716-azbjmszcpe 10

16-07-2024 00:24

240716-aqbs2syhpd 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://example.com

  • Sample

    240716-a7538axekq

Score
10/10
njratorcusxwormhackedagilenetratspywarestealertrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Extracted

Family

xworm

C2

10.127.0.75:7000

Mutex

y8KeyW2edDy16AK9

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      http://example.com

    Score
    10/10
    njratorcusxwormhackedagilenetratspywarestealertrojan

    • Detect Xworm Payload

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Orcurs Rat Executable

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Uses the VBS compiler for execution

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks