Extracted

• • Target

    a7a88c095a854da3f0468d13c1fd9ac2.exe

  • Size

    12.9MB

  • MD5

    a7a88c095a854da3f0468d13c1fd9ac2

  • SHA1

    96b746fe643a843c3f96b44c998079de34596881

  • SHA256

    b191be04048fdc73a8c07a809940af3db699b1e7691987830d3cb29db4bb6be1

  • SHA512

    90d44edec466744641a8088331b045f6b371e7bde8c937cf1c8b10f4236834f4ad9c4037d6da53a30230b88129fdaeb24bec21329813c52fd7acefcc723fa3fb

  • SSDEEP

    393216:KH+T9Asq0Jfkrnov5VlYdQdF3MnG38GrNs:KH+T9Ae5VlYdQ73MGsL

  Score

  10^/10

  njrathackedcollectioncredential_accessdefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationspywarestealertrojanupx

  • Njrat family

    njrat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Clipboard Data

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Enumerates processes with tasklist

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2