njrat | 6df749c99fac5bc1097bdd0566120dbd7f38aa392b06227b66efff14412b80c9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Everythin.exe

windows10-ltsc 2021-x64

Everythin.exe

windows11-21h2-x64

Resubmissions

08/02/2025, 19:56

250208-ynsksaspbm 10

08/02/2025, 19:55

250208-yndrmasngl 10

Sharing

General

Target

Everythin.exe
Size

29.5MB
Sample

250208-ynsksaspbm
MD5

d83d5ff23292103a65b43fbd42b7f243
SHA1

b27e29d090712a2cf50d17a17fb1a8f78fba8aec
SHA256

6df749c99fac5bc1097bdd0566120dbd7f38aa392b06227b66efff14412b80c9
SHA512

7dc52a8d2eb202603f27cf9addd9c4cc08de289d041b0e4960917354251dae407c9485b864c0d81bad623eda45fa23078205d6e30ac4909c15be3e5961ed35da
SSDEEP

786432:a97LDzYHKsqAK/DxlMwVbrxpstnsnxzxP3LLv:o7LfgOh/TMQ3OnMxtPv

Score

10^/10

njrat stealer windows collection discovery persistence pyinstaller trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Everythin.exe

Resource

win10ltsc2021-20250207-en

njrat stealer windows collection discovery pyinstaller trojan upx

windows10-ltsc 2021-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Everythin.exe

Resource

win11-20250207-en

njrat stealer windows discovery persistence pyinstaller trojan upx

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Windows

C2

127.0.0.1:10454

Mutex

windows.exe

Attributes

reg_key
windows.exe
splitter
|Ghost|

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

stealer

C2

environmental-seeds.gl.at.ply.gg:35534

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  Everythin.exe
- Size
  
  29.5MB
- MD5
  
  d83d5ff23292103a65b43fbd42b7f243
- SHA1
  
  b27e29d090712a2cf50d17a17fb1a8f78fba8aec
- SHA256
  
  6df749c99fac5bc1097bdd0566120dbd7f38aa392b06227b66efff14412b80c9
- SHA512
  
  7dc52a8d2eb202603f27cf9addd9c4cc08de289d041b0e4960917354251dae407c9485b864c0d81bad623eda45fa23078205d6e30ac4909c15be3e5961ed35da
- SSDEEP
  
  786432:a97LDzYHKsqAK/DxlMwVbrxpstnsnxzxP3LLv:o7LfgOh/TMQ3OnMxtPv
Score

10^/10

njrat stealer windows collection discovery pyinstaller trojan upx persistence
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratstealerwindowscollectiondiscoverypyinstallertrojanupx

behavioral2

njratstealerwindowsdiscoverypersistencepyinstallertrojanupx

© 2018-2025

Terms | Privacy