njrat | 56cb9a9aba2aa8d2ffa070fc15524cc0d4cb4b971cfd4f2c5fd089f18a9159bf

Analysis

max time kernel
419s
max time network
420s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/11/2024, 07:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

spam_discord.exe
Size

33KB
MD5

ae8f6efb07eca4eddd606257a09db80d
SHA1

1aec86f9a257129e92328cc499788ef9d634dbfd
SHA256

56cb9a9aba2aa8d2ffa070fc15524cc0d4cb4b971cfd4f2c5fd089f18a9159bf
SHA512

05e0baa914947c9ac8cd29dcc7f374e4935167ee8a1c60ddf894a799bd9d7d7d0ae266e4ca64b06e5bf0411a36b558be1942763e349580c9929079a51d59c3a4
SSDEEP

768:VvTRf6qjU4X10zbvQX0O7yOCPijnXkWebNiPVSRiR:tRf6qjV1Qbv60O75CKjkWUG4y

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	spam_discord.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
772	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\spam_discord.exe
"C:\Users\Admin\AppData\Local\Temp\spam_discord.exe"
1⤵
- Modifies registry class
PID:1624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1624-0-0x00007FFF97325000-0x00007FFF97326000-memory.dmp

Filesize
4KB

Download
memory/1624-2-0x000000001BF00000-0x000000001C3CE000-memory.dmp

Filesize
4.8MB

Download
memory/1624-1-0x00007FFF97070000-0x00007FFF97A11000-memory.dmp

Filesize
9.6MB

Download
memory/1624-3-0x0000000001220000-0x0000000001236000-memory.dmp

Filesize
88KB

Download
memory/1624-4-0x000000001C3D0000-0x000000001C476000-memory.dmp

Filesize
664KB

Download
memory/1624-5-0x00007FFF97070000-0x00007FFF97A11000-memory.dmp

Filesize
9.6MB

Download
memory/1624-9-0x00007FFF97070000-0x00007FFF97A11000-memory.dmp

Filesize
9.6MB

Download