File name: NjRat_0.7D_Golden_Edition.rar

Full analysis: https://app.any.run/tasks/809a114e-a43e-420c-a62b-e8809efe8490
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: January 24, 2022, 22:16:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, SecurityXploded
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: FB50983AF532A14BA07B2A7409FDD90B
SHA1: C63C2F4F5A4CB82E82581868885F893B13BE3C8E
SHA256: 0C7ABD93F50D3AE417764D5AA63366A35627DC37C91E251884964F6BAA28FC93
SSDEEP: 98304:lOaZQX4wckOJpE00vv4wOaZQX4ccvOJeEq0vvzM:xKX4nkeLhOKX4TveQKM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Detected SecurityXploded stealer

      • WinRAR.exe (PID: 3380)
    • Loads dropped or rewritten executable

      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
    • Application was dropped or rewritten from another process

      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
      • Server.exe (PID: 3712)
  • SUSPICIOUS

    • Checks supported languages

      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
      • WinRAR.exe (PID: 3380)
      • Server.exe (PID: 3712)
    • Reads the computer name

      • WinRAR.exe (PID: 3380)
      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
      • Server.exe (PID: 3712)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 3380)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3380)
      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
    • Drops a file with a compile date too recent

      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
    • Reads Environment values

      • NjRat 0.7D Golden Edition - Rus.exe (PID: 3068)
  • INFO

    • Manual execution by user

      • Server.exe (PID: 3712)
No Malware configuration.

TRiD

Extension | Description | Match (%)
.rar | RAR compressed archive (v5.0) | 61.5
.rar | RAR compressed archive (gen) | 38.4
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0

Behavior graph (rendered interactively in the full report; only the node and edge labels were recoverable): WinRAR.exe -> NjRat 0.7D Golden Edition - Rus.exe ("drop and start"); Server.exe ("start"); signature tag #SECURITYXPLODED.

Process information

PID: 3380
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NjRat_0.7D_Golden_Edition.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 3068
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition - Rus.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition - Rus.exe
Parent process: WinRAR.exe
User: admin
Company: Njrat 0.7d Golden Edition
Integrity Level: MEDIUM
Description: Njrat 0.7d Golden Edition
Version: 7.1.0.0

PID: 3712
CMD: "C:\Users\admin\Desktop\Server.exe"
Path: C:\Users\admin\Desktop\Server.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Total events: 3 584
Read events: 3 487
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 33
Suspicious files: 2
Text files: 32
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\Plugin\sc2.dll | executable
MD5: 9C8B5C9EC7D24EF02C7DF4E589DBA366
SHA256: F97AADB4D1C59F4B3155A9EC57F91A05700AED38B0090096F8F1E0E7975B6561

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\dlnormal.bin | executable
MD5: 2B53E572879A63AAA6AB032221A24D99
SHA256: 0E36C6FBBC68953D2702C3D5F84EEB35912CE9A53AADF467F8DF60FAF51A7F5E

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\Anti.bin | executable
MD5: 2170473F4F2B81E9B909996B0F459D16
SHA256: 01D0BEDCC943E13E341578423A2FC6848D9F63F1C5800B9A16BD64F65A1FCDDE

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\Bsod.egg | text
MD5: F8320B26D30AB433C5A54546D21F414C
SHA256: 60A33E6CF5151F2D52EDDAE9685CFA270426AA89D8DBC7DFB854606F1D1A40FE

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\Plugin\plg.dll | executable
MD5: 04CB30A874EE349721B0398594DE65FE
SHA256: 6F8770A35EC0845226A28DD57C8AE414DC8814A6871BD0BB818BB13CA3B82106

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\Plugin\mic.dll | executable
MD5: 1607999C56366FC2096A27A8BD237B98
SHA256: 7D327985D7E4F83ADFFBDF831C1E999C68CB90238790B63260AF19D24BFA66B8

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\copy.egg | text
MD5: F8320B26D30AB433C5A54546D21F414C
SHA256: 60A33E6CF5151F2D52EDDAE9685CFA270426AA89D8DBC7DFB854606F1D1A40FE

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\GeoIP.dat | binary
MD5: 797B96CC417D0CDE72E5C25D0898E95E
SHA256: 8A0675001B5BC63D8389FC7ED80B4A7B0F9538C744350F00162533519E106426

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\Exe.egg | text
MD5: D81891C69F5B8E60DB91A41BE4249C8E
SHA256: 21A79C05C0F8307C51271987D8F78C2BE7ADC0BA1882CFF03D9BE82255E09DD5

3380 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3380.24477\NjRat 0.7D Golden Edition\stubs\mpress.exe | executable
MD5: 5971FAD7714665F1B8A5BF32E79722EA
SHA256: D918736736809C36FEF0E4DB3F7B303E7B6D2E542C4B7B7584244DC12403A1A2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests

Connections: No data

DNS requests: No data

Threats: No threats detected

Debug info: No debug info