njrat | 5ff121c57e4a2f2f75e4985660c9666a44b39ef2549b29b3a4d6a1e06e6e3f65

Sharing

Copy URL

Twitter E-mail

General

Target

njRAT-v0.6.4.zip
Size

1.5MB
Sample

241210-qtw66a1rdp
MD5

3ccce9d87ce9ea751abea094d1639d0a
SHA1

427867b229e02869ac68de3a605998a585ad6a80
SHA256

5ff121c57e4a2f2f75e4985660c9666a44b39ef2549b29b3a4d6a1e06e6e3f65
SHA512

c2b77936b7238582a92d21ff9149e7eeeef65004fc5528148ecbaf9467252dff138ce545fe90bd8c621e82c38b9e0e44f022550e0cc5e5b134e504919142fe8d
SSDEEP

49152:pmRkTADhN5ulDigt8pri+kxs9/z/pH+3h:pmRulu48p2VU/z/S

Score

10^/10

Malware Config

Targets

- Target
  
  njRAT-v0.6.4/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral1 behavioral2
- Target
  
  njRAT-v0.6.4/NAudio.dll
- Size
  
  382KB
- MD5
  
  422193aabd3d62275b2b98470279d9f2
- SHA1
  
  62ff295275cfbc07132934e473e43b0a4749ec39
- SHA256
  
  cd9709bf1c7396f6fe3684b5177fa0890c706ca82e2b98ba58e8d8383632a3c8
- SHA512
  
  1ac568f7448ed4a7eed1a9296a8ea132eb0bea0d5e622f80147bca701ab1212421d25a847dbc469abc4089042d3c662235be6d44b12446d174b13223a78f682c
- SSDEEP
  
  6144:r+RsYcXreeC8Kl6jQX4ZL2dmeNVnhZD6sg++3aadCDbjuCNj2GLk:IgXfexdD+Y+dCA
Score

1^/10
behavioral3 behavioral4
- Target
  
  njRAT-v0.6.4/Plugin/Mic.dll
- Size
  
  407KB
- MD5
  
  f4a19d968ff6f5af1601b97f1756d6e3
- SHA1
  
  d55533b20bda5c865f1e48561e497bf36c577097
- SHA256
  
  fde583027a692d210e8f1f73667fa0037705128ade8bbfbc9b780f019ead6672
- SHA512
  
  0faf589290882a3f8a653d15b495fa084abecf76e2b12be0332f0a385c549f3055959ab6deca89818bcad454deb45981adb400aa2339de8ce664aede5df74052
- SSDEEP
  
  6144:0nKBmP1NE/VdJXjTe8LKeIFQ1A2GCWqjo6fiM0lGJiIE0kyuuUJ:9Bi1+RjKreDAuxScJiIE0kfl
Score

1^/10
behavioral5 behavioral6
- Target
  
  njRAT-v0.6.4/Plugin/cam.dll
- Size
  
  63KB
- MD5
  
  0a1ca904b3d688c01f4e5faae811922b
- SHA1
  
  143a3d4a5865c59926b49add4d596c6fc3e1a797
- SHA256
  
  b02c56d29447690cdafd8f2f6877d526d1f6efcaae74017719c460d9b3ee38b8
- SHA512
  
  fdf9b6a6d8ed0f2443907923dcfba6401145ee377454e196ccd057e9ae126d7e66b2607d9c4ed95bbfbdb26321904cd72ed052c3cd8d942785f12f340a864424
- SSDEEP
  
  1536:srUlse2ToVMjLb6M0VqSep+cx4sDEl3N6:OyP+b6MMBep+cx5DET6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  njRAT-v0.6.4/Plugin/ch.dll
- Size
  
  13KB
- MD5
  
  1cb8fa647355805f2ae6a7e6bb71b138
- SHA1
  
  f9ab8ab8ea532775023338ce10ae3423c8aabb1b
- SHA256
  
  89a1bbe42cde01ddfe531d69dd6ea6575296096010400cb63cbf4999eca52e52
- SHA512
  
  acf6a42b9e8634f9bf5f4eac01d10d92ec5ef1eeddfb9432cda020cd76e11abf1fd1b5091c5a28bcb9c100f122a1e9026d33b0af833dd603f87cabb37f495517
- SSDEEP
  
  192:aX33uVlADj04riZXNZhNQmPrXxRESnsB3nsZn3oUMOtpsl1vO8:M33uVlAX04O9T4qQSnslsZn3ohQ+ZO8
Score

1^/10
behavioral10 behavioral9
- Target
  
  njRAT-v0.6.4/Plugin/fm.dll
- Size
  
  13KB
- MD5
  
  51c2ee936ded2e55f8bcc8cba6e3b330
- SHA1
  
  1887396650202fc9e10d1044dc40322b2ab46b52
- SHA256
  
  f132324acf09c0562a1cad1288bfb4021bd991659126d21ecb9499938bf6acb3
- SHA512
  
  8bf5d473523d1e018b1f3b557104574d314459b2856152f9f25e393ce2128e92fd101465c9ab96053fde43b1c18b8cb31df0af2cebb6fb284da632a60a097e09
- SSDEEP
  
  192:dNc2iE9ZflPFFiydLz/GQYehDnGUx99Lg5Pjxns0cmd3dMtsl:U2xFi2LTfx96Fs0cmd3dMtE
Score

1^/10
behavioral11 behavioral12
- Target
  
  njRAT-v0.6.4/Plugin/pw.dll
- Size
  
  39KB
- MD5
  
  db87daf76c15f3808cec149f639aa64f
- SHA1
  
  d67f84a44ddc25432ce179aeba9cff778af746ee
- SHA256
  
  a3e4bee1b6944aa9266bd58de3f534a4c1896df621881a5252a0d355a6e67c70
- SHA512
  
  ad7dc75254180ff7c988b7f394ad76b696384002457d558469d2c6401dd97cba54c532245bb555ab28d2beda3ab504736bb2b89040a21ba6598929392daab473
- SSDEEP
  
  768:fqcFOkBO3jzamnEjt0Wp8em0nktiwRnKSg42+:fvg3jumny0Wp8em08NBgG
Score

1^/10
behavioral13 behavioral14
- Target
  
  njRAT-v0.6.4/Plugin/sc2.dll
- Size
  
  10KB
- MD5
  
  be128028f705b0233dad7d1f603bdf78
- SHA1
  
  d910effa387a4f1967869951550f81d6631a2bbf
- SHA256
  
  d3dcb25f9004f6fce3f3d94406ad6845d996cda2f106a203082aed39a84fac4e
- SHA512
  
  6f66fbea264fd372a90751cde86c268d3194299cd2737c4543462daa1b15e3a889d0beee242fb960489020a47097a0c66865d97163f4530903c4f39e395e7db9
- SSDEEP
  
  192:sjVj8yUiYbahcj7WlB1a05L8ujfELJhfpnaV75b87dk7lJp:sJF3hcOlB005LjjfmJhfdajYZMJp
Score

1^/10
behavioral15 behavioral16
- Target
  
  njRAT-v0.6.4/njRAT.exe
- Size
  
  959KB
- MD5
  
  0431311b5f024d6e66b90d59491f2563
- SHA1
  
  e9ff4da7e3f2199cbc16d37d8935cb1b0567ac2a
- SHA256
  
  fd624aa205517580e83fad7a4ce4d64863e95f62b34ac72647b1974a52822199
- SHA512
  
  d44b14e4b24e6e2d506ec32098488a16ebd5df57499ecd85e8878b8af2a3e1f9ed20d4125836417b702d0571f992aeac07af051dbf9268f48954556d17f51ee2
- SSDEEP
  
  12288:+O9vE3J7JO+xEPuc//9wivAmv6SAbnzmip2hGnadlFM4ZHOT2:+eXuczPCSGnzVjad1
Score

10^/10

njrat discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral17 behavioral18
- Target
  
  njRAT-v0.6.4/stub.il
- Size
  
  307KB
- MD5
  
  1b92496b750a26f2450e34500a2c4215
- SHA1
  
  44813577b92640a181272b38aae03ce9df174059
- SHA256
  
  a1b65f18c7e882b1606a4ef9387d8988e6fd755d7d03214b677ad528a487d73a
- SHA512
  
  e0be393c33825e5f638450ff563bfcd5aee6af6f475e757e97a9bc6c66112c0302f09ba9dabde68c228a4a7326472c55f5c58992a0d7e22f5807047dc1e7a785
- SSDEEP
  
  6144:ZYyb3GXgjTFj3nNYU037kmkktvD8hbDCLti+4Y+Br:ZYyb3GX4NYU0LkmkktvD8hbDCLti+4Y4
Score

3^/10

execution
behavioral19 behavioral20