njrat | a2030815225eff8c32ffae0fcb785cd1761d093d205e7ff9d9f8a0c96f89c871

Sharing

Copy URL

Twitter E-mail

General

Target

NjRat Red Edition.rar
Size

8.2MB
Sample

250126-ycws3a1lgy
MD5

f5e6018c3d1eaad0bf6acc1580dacb43
SHA1

8f22f30ecc35fcce9aab794587f7b33d10f2270e
SHA256

a2030815225eff8c32ffae0fcb785cd1761d093d205e7ff9d9f8a0c96f89c871
SHA512

80de1d6861ce851ca842e03dda8d7f1f35231b55481eca996f8892c21f354827c650354d768d2623216030a6790e49dc7ceef62fba69b90d17a0b75143c9cac2
SSDEEP

196608:ew3vlSABbd2f0OuBiYEhAdhK/+yBfbGyE4b2a70siw8:/tfbcMOuE4hKG8fbNOYz8

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

127.0.0.1:6522

Mutex

60c28f2ec9c1d3d7f391e11534af955e

Attributes

reg_key
60c28f2ec9c1d3d7f391e11534af955e
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  NjRat Red Edition/NjRat 0.7D Red Edition.exe
- Size
  
  9.3MB
- MD5
  
  ce53474089a9756898a43d473638dccf
- SHA1
  
  22cafe1b5e69c2a0ceea58642e722b53744df694
- SHA256
  
  489db926ac0420a76ff682ceb90003a78dd2a02e42c254a2aae4fc234bb013e6
- SHA512
  
  df437ce1ac935d78ba9a0495a568e63cf204117aaefd6397a00b67fbd1aaec876ba7150380e7ea4a52370f80bf506c76f347d0d01e9a50acb2676b8bd5f69701
- SSDEEP
  
  98304:SodZrxZERMDoMu2EW5nnim//7uvwCt5tuo32vIoZp:SodjE6nnim//7uVtFw
Score

10^/10

njrat mybot defense_evasion discovery persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1
- Target
  
  NjRat Red Edition/Plugin/cam.dll
- Size
  
  99KB
- MD5
  
  8ce3060686462fc72ece2701caa13e3b
- SHA1
  
  19fc9892200de4db332ddd0c14b4b6fd9a35ccd4
- SHA256
  
  881d5afb9aa4799c73e75dcd28587dba85dd844e4137287ea48c6b66525e2638
- SHA512
  
  ef38e00b054240a0d4747bfd79db860015ed027735c360de58af6889a69482109ccf74770608a2750542457ac38aa79367431ff6ca77fae44d7e3a7023f33a17
- SSDEEP
  
  3072:31IL2SeOPGmBUMqtZabredepzZxgUPWeJP3:w2Sm/MqueepzZxgQW
Score

3^/10

discovery
behavioral2
- Target
  
  NjRat Red Edition/Plugin/ch.dll
- Size
  
  45KB
- MD5
  
  2fe4b9dbd31f83faa7aa1c692ba4d3a2
- SHA1
  
  1b3c03e29302a0f07acb4af306a7ad42ea4827dd
- SHA256
  
  3c088df7119c494e3df95af42456225f4dab1c3abe003869f8c79afb0993b027
- SHA512
  
  cd169dc1d2d5cf0f538334b8ac31817ea1a4e2c8c0faca6a715c63eb4aa464e8aaa4f6b10fe030f46a37ab18a1cd6fe099c662c727e107cb87ada1a8218bc5fb
- SSDEEP
  
  768:FjTkCC7kDA87eqVlviNDkpI/pDwxRcNDRQt40BthZWMaGOQKgB22T:dkCC7kDA87eqVlviNo2hkxmRRQthBt3O
Score

3^/10

discovery
behavioral3
- Target
  
  NjRat Red Edition/Plugin/mic.dll
- Size
  
  77KB
- MD5
  
  9b376f0d44995ca15d43f7943a602fb2
- SHA1
  
  18a2bb7d13836256bd5f39089203f18d740669d5
- SHA256
  
  27528a77e27d02aadecabfdf658b2da638bb0ca2f2c60bdd9d0fd5338c1fc346
- SHA512
  
  4dfb0c49816e0d0c2f7d0d76081725bd48d3713506ec51ac6c06ae7092908d14e3683d707d6f332505163fb0ade0ee6b50a355cd69c25725e829ebb23a3e93b2
- SSDEEP
  
  1536:ZAwSxproATOoeQHshYNR1zTTxqPbKhOCjXKem:TSxpr/KoemAYxTTxqj
Score

3^/10

discovery
behavioral4
- Target
  
  NjRat Red Edition/Plugin/plg.dll
- Size
  
  65KB
- MD5
  
  c179e212316f26ce9325a8d80d936666
- SHA1
  
  14d08b3cda60341d1e9187fc14bd64ebefe4a5b6
- SHA256
  
  13043521ed6876edf2736fc46a7c49e6b639cfa7a866ca11de26f119796cd521
- SHA512
  
  1b5eb687a9932c82ab2e655dbc5df8ba667a023e7568dbbd13c503a54661763193bde11937f87e2e09b88d770c8357eda07589d526e6103db058038e3ce3b750
- SSDEEP
  
  768:rVRKgRFKn3N5U2jNGUyXWI9Yi1s0sbtAEsz8CjBMiPs2T:pR3R895Npyhn1sBbtPsz8C9P
Score

3^/10

discovery
behavioral5
- Target
  
  NjRat Red Edition/Plugin/pw.dll
- Size
  
  284KB
- MD5
  
  ac43720c43dcf90b2d57d746464ad574
- SHA1
  
  eae39df1c717ca74f6f04d5ca8478ea55145535a
- SHA256
  
  ca6367d1ab873a55ced13d7024c530bbe4a6a703813225233e59041c7ce14eaa
- SHA512
  
  9082b3cd8b36031256923c8f2bed628e9331129bbf09d111d9d02268a49e493248e5638ddee5b02da66e9159a608f8f26499ca0f736d6a369a30f71950c60d40
- SSDEEP
  
  6144:QxY714e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO:7ZxJ/JmSG9T8CEgdM
Score

3^/10

discovery
behavioral6
- Target
  
  NjRat Red Edition/Plugin/sc2.dll
- Size
  
  46KB
- MD5
  
  2d65bc3bff4a5d31b59f5bdf6e6311d7
- SHA1
  
  43962fbeb93fc267fb1c7036a12b8c5d6f40c28a
- SHA256
  
  010b1ec566be774a2d12146f9826aa31fd7eb6ffe7b45ce5e572b2d8c7f815c3
- SHA512
  
  b210d447cc9b4b89402a2a1d3d5e9cfe13ae897c47094be4110ed3aac109152c8a45ec138f73b703e7d3799934234cba4ca3f2439b3dd193a4cec671b9edaa6a
- SSDEEP
  
  768:mtAX1G0UYRxIDbYDGN5/eoK79QlRfe2AfgFTMBku2T:mtAFZUYA/uW2x9CJe2BFQB
Score

3^/10

discovery
behavioral7
- Target
  
  NjRat Red Edition/WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral8