njrat | 82104a89b676d095f16da49490abfd6267a0eea6617d619d25416aaf423125ce | Triage

Submit
Reports

Overview

overview

Static

static

3

Requirements.scr

windows7-x64

Requirements.scr

windows10-2004-x64

Requirements.docx

windows7-x64

4

Requirements.docx

windows10-2004-x64

1

nj.exe

windows7-x64

nj.exe

windows10-2004-x64

rv.exe

windows7-x64

rv.exe

windows10-2004-x64

Sharing

General

Target

b7dfbc58f20c398951c1278e07de68e3_JaffaCakes118
Size

313KB
Sample

240617-lchvzsvare
MD5

b7dfbc58f20c398951c1278e07de68e3
SHA1

46b6dd159fb7e31e96a27aad0dc9086cbe597877
SHA256

82104a89b676d095f16da49490abfd6267a0eea6617d619d25416aaf423125ce
SHA512

9000fb30f80c5ed7c7fa700bafe263165ae7a20f7e5f0c2c7dac2323bef6c31345abfb34685db0fd6f8a261f624c11e43eff72f4d6ee9ebf65d651e4c22bd499
SSDEEP

6144:Sx7GE55QIKeAcHAO5OlbckYkO3Q+1NA+UXLv0DgBwXoORBW267P8UD:9ELgV4F3lf/4VBuoOTW2ePL

Score

10^/10

njrat revengerat guest hacked evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Requirements.scr

Resource

win7-20240221-en

njrat revengerat guest hacked evasion persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Requirements.scr

Resource

win10v2004-20240611-en

njrat revengerat guest hacked evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral3

Sample

Requirements.docx

Resource

win7-20240508-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

Requirements.docx

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

nj.exe

Resource

win7-20231129-en

njrat hacked evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral6

Sample

nj.exe

Resource

win10v2004-20240611-en

njrat hacked evasion persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral7

Sample

rv.exe

Resource

win7-20240611-en

revengerat guest persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral8

Sample

rv.exe

Resource

win10v2004-20240611-en

revengerat guest persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

awaisawan.zapto.org:5555

Mutex

3484533e95ad86b4adeee88c1907dded

Attributes

reg_key
3484533e95ad86b4adeee88c1907dded
splitter
|'|'|

Extracted

Family

revengerat

Botnet

Guest

C2

awaisawan.zapto.org:333

Mutex

Random

Targets

- Target
  
  Requirements.scr
- Size
  
  441KB
- MD5
  
  d82b4741a531e77f34865a604f1de729
- SHA1
  
  44b7ae953c1c1c60388e7000f6a3060dddc840c0
- SHA256
  
  ca636454ca70c9c0a53cd597603cfae9138281d45b6c22015a59271be06d8885
- SHA512
  
  bc77a89ae2e9671761316f06ae405a4f325b6286066ecb3421619a17fb348bc0eeb485fa3cc653039fc542b7785d082400c2e67680f051f5ab074bee709754c5
- SSDEEP
  
  6144:snx1jC2vG03dvpMsFPDb1pijBfSKtAAFewda/RQMjhpeKqNFubV:edpVhDZwjBf3SA0wdwQMyKqix
Score

10^/10

njrat revengerat guest hacked evasion persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Requirements.docx
- Size
  
  13KB
- MD5
  
  0831b8fbfb0112a869197026cfc22d0d
- SHA1
  
  644a54282a7b2a68442ece836208c8e61229c881
- SHA256
  
  a6ab401737ef183ba8dafce28e2e9737739139c61a4f7a51945324b76dd73d20
- SHA512
  
  2f9722cee67fcdee4aeaeca962612c459492df2a73601f8c40ac9e7cbf90536fbfe38c640fc2fc728da93e5cd5358931c233077e6e6d7e4c4333e3b4ed3c65ae
- SSDEEP
  
  192:TDtmpXYyx/LkMxurg+qA8XAN+BCpBgNu9NRufcoX1qDiKCcp8VmZCJHX:TDCXYyVLZ2WXA4ASNu9yc/eKCg8YZo3
Score

4^/10
behavioral3 behavioral4
- Target
  
  nj.exe
- Size
  
  459KB
- MD5
  
  03c4bd9a3cb44bf49f329fe04e93f537
- SHA1
  
  257dfb6782bc40e9878ada68f350fd8cce2179fb
- SHA256
  
  20c1815d9eecee28c6b86ac3e302756c8e4dbc5963d7d8df431e86f5d1dc41e0
- SHA512
  
  c91666311b655e3f9c213f3aa9d1d72c7610bfda227b5da0d8c5f17f56c16357f5f9224e831fe77f23ef66c8391a4a5e416d9b8f78dcc477a82a84fe5569c97c
- SSDEEP
  
  384:b16KdcoFfsOxQrSuxY8OR1XOg9rXredQ0xtX76i7eaFcwaekfLpOhqVNOXu:ddcoFLxQrS0Yv5OaXyQeV6i7fcB5fOu
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  rv.exe
- Size
  
  386KB
- MD5
  
  2602c258d3fe5647f4f039b644abeaa6
- SHA1
  
  f733131b769735c82c56dd5b3f6aef4e3cabac9b
- SHA256
  
  ab682dce500913302f75c0cccc9f049fc3fa70b16b5de99788fb9cd520f47d3d
- SHA512
  
  db0aa91cbf071fa12951a5b9eeb6610aea3917edd93465863cdeafb939cc5ac9088fee8f64e96d375a428f236bbb589953e60cef3ff50ae2697940d12eba90c6
- SSDEEP
  
  384:re6KdcoFfsOxQrSuxY8OR1XOg9rPdQ0qphKBXnMTismaFcwadkfLpOhqqSOpFC:+dcoFLxQrS0Yv5OaVQ52eisHcBKv2C
Score

10^/10

revengerat guest persistence trojan
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratrevengeratguesthackedevasionpersistencetrojan

behavioral2

njratrevengeratguesthackedevasionpersistencetrojan

behavioral3

behavioral4

behavioral5

njrathackedevasionpersistencetrojan

behavioral6

njrathackedevasionpersistencetrojan

behavioral7

revengeratguestpersistencetrojan

behavioral8

revengeratguestpersistencetrojan

© 2018-2024

Terms | Privacy