njRAT Malware Analysis
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Service - T1543.003 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d1ecd719-404f-40de-8568-3731221ade57 |
| Fingerprint | ef381916bd330780 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 21, 2020, 2:43 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Malware Analysis |
| Title | njRAT Malware Analysis |
| Detected Hints/Tags/Attributes | 28/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://malwr-analysis.com/2020/06/21/njrat-malware-analysis/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 911 | any.run |
|
| Details | File | 6 | sbiectrl.exe |
|
| Details | File | 71 | wireshark.exe |
|
| Details | File | 4 | wk.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 1 | prex.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 3 | tools.exe |
|
| Details | File | 1 | c:\users\ieuser\appdata\roaming\svchost.exe |
|
| Details | File | 1 | c:\tools.exe |
|
| Details | File | 1 | c:\users\appdata\roaming\microsoft\windows\start menu\programs\startup\e84128b2e0547d1dd1f8090d86c80c48.exe |
|
| Details | File | 1 | e84128b2e0547d1dd1f8090d86c80c48.exe |
|
| Details | md5 | 1 | 88e085572a182ca102676676ec0ef802 |
|
| Details | md5 | 1 | e84128b2e0547d1dd1f8090d86c80c48 |
|
| Details | Windows Registry Key | 582 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |