njRAT Installed from a MSI
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID bd44896e-2059-4512-98f6-91dc0d870b34
Fingerprint b3003b206c202af7
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 3, 2022, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline njRAT Installed from a MSI
Title njRAT Installed from a MSI
Detected Hints/Tags/Attributes 28/1/26
Source URLs
Redirection Url
Details Source https://forensicitguy.github.io/njrat-installed-from-msi/
URL Provider
Details Provider Source level domain
Details github.io forensicitguy.github.io
Attributes
Details Type #Events CTI Value
Details Domain 93 
bazaar.abuse.ch
Details Domain 5 
www.exemsi.com
Details Domain 2 
exemsi.com
Details Domain 53 
oledump.py
Details Domain 56 
vb.net
Details Domain 228 
system.io
Details Domain 3 
files.cab
Details File 1 
mal.msi
Details File 11 
www.exe
Details File 49 
oledump.py
Details File 5 
er.exe
Details File 8 
3.dat
Details File 53 
server.exe
Details File 2 
decompiled.cs
Details File 9 
system.config
Details File 6 
4.dat
Details File 1 
msicustomactions.dll
Details File 1 
ranked_floss.txt
Details File 3 
files.cab
Details File 1 
msiwrapper.ini
Details File 2126 
cmd.exe
Details File 40 
msi.dll
Details sha256 1 
1f95063441e9d231e0e2b15365a8722c5136c2a6fe2716f3653c260093026354
Details IPv4 2 
10.0.50.0
Details Pdb 1 
c:\ss2\projects\msiwrapper\msicustomactions\release\msicustomactions.pdb
Details Url 1 
https://bazaar.abuse.ch/sample/1f95063441e9d231e0e2b15365a8722c5136c2a6fe2716f3653c260093026354/.