njrat v0.7d.exe

njRAT

njq8

The executable njrat v0.7d.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. While running, it connects to the Internet address 94-78-97-168.nethouse.net on port 50479.
Publisher:
njq8

Product:
njRAT

Version:
0.7.0.0

MD5:
473e1a7be89c3a727176d4f9f5a64b69

SHA-1:
501eb2c1432ff2b4e5ff582ad82d0fca152adebc

SHA-256:
bf853789b938bdc5da8aaeb52511379a332c7cf238266a21bfcb0318a62e85cb

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/24/2024 2:13:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.368593
5745189

Agnitum Outpost
Trojan.Strictor
7.1.1

Avira AntiVirus
TR/Strictor.43694
7.11.121.86

avast!
MSIL:Agent-DAG [Trj]
150810-3

AVG
Trojan horse MSIL.CBPS
2014.0.4015

Baidu Antivirus
Trojan.MSIL.Bladabindi
4.0.3.131223

Bitdefender
Gen:Variant.Strictor.43694
1.0.20.1785

Clam AntiVirus
Win.Trojan.Agent-836965
0.98/20927

Comodo Security
UnclassifiedMalware
17482

Dr.Web
BackDoor.Bladabindi.6200
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Kazy.368593
10.0.0.5366

ESET NOD32
MSIL/Bladabindi.AN trojan
7.0.302.0

Fortinet FortiGate
MSIL/Bladabindi.AN!tr
12/23/2013

F-Prot
W32/Trojan2.ONHY
4.6.5.141

F-Secure
Gen:Variant.Kazy.368593
5.14.151

G Data
Gen:Variant.Strictor.43694
13.12.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10588

Kaspersky
Trojan.MSIL.Agent
15.0.0.463

McAfee
Artemis!473E1A7BE89C
5600.7273

Microsoft Security Essentials
Threat.Undefined
1.183.1427.0

MicroWorld eScan
Gen:Variant.Strictor.43694
14.0.0.1071

Norman
Gen:Variant.Kazy.368593
04.08.2015 10:30:46

Panda Antivirus
Suspicious file
13.12.23.11

Reason Heuristics
Unnamed.Threat.14
14.3.3.12

SUPERAntiSpyware
Trojan.Agent/Gen-Falcomp[i]
10890

Trend Micro House Call
TROJ_GEN.R0CBB01LF13
7.2.357

VIPRE Antivirus
Trojan.Win32.Generic
24632

XVirus List
Win.Detected
2.3.31

File size:
1.6 MB (1,723,904 bytes)

Product version:
0.7.0.0

Copyright:
Copyright © njq8 2013

Original file name:
njRAT.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/12/2013 4:44:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:IB4Uzr6UeRmmZg8ADHWsJuFfo5jYbYzHSG/UpnMUnFz3Y/l0:7w+

Entry address:
0x19E456

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.6 MB (1,689,088 bytes)

Windows Firewall Allowed Program
Name:
E:\New Folder (2)\fichiers darkomet\njRAT v0.7d\njRAT v0.7d.exe


The file njrat v0.7d.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to PC068  (175.124.141.78:4566)

TCP:
Connects to ivlz-186-233-221-140.iveloz.net.br  (186.233.221.140:49916)

TCP:
Connects to host-41.43.66.36.tedata.net  (41.43.66.36:62813)

TCP:
Connects to host-41.237.5.120.tedata.net  (41.237.5.120:57450)

TCP:
Connects to host-41.235.111.164.tedata.net  (41.235.111.164:64087)

TCP:
Connects to host-41.234.212.188.tedata.net  (41.234.212.188:12204)

TCP:
Connects to host-197.52.142.128.tedata.net  (197.52.142.128:4014)

TCP:
Connects to host-197.48.225.105.tedata.net  (197.48.225.105:53603)

TCP:
Connects to host-197.41.85.104.tedata.net  (197.41.85.104:50487)

TCP:
Connects to host-197.41.224.101.tedata.net  (197.41.224.101:54871)

TCP:
Connects to host-197.35.196.153.tedata.net  (197.35.196.153:49699)

TCP:
Connects to host-197.33.12.38.tedata.net  (197.33.12.38:15100)

TCP:
Connects to host-156.222.201.62-static.tedata.net  (156.222.62.201:62972)

TCP:
Connects to host-156.222.10.211-static.tedata.net  (156.222.211.10:50623)

TCP:
Connects to host-156.218.246.164-static.tedata.net  (156.218.164.246:50401)

TCP:
Connects to host-156.218.142.81-static.tedata.net  (156.218.81.142:49159)

TCP:
Connects to host-156.211.174.101-static.tedata.net  (156.211.101.174:53105)

TCP:
Connects to host-156.211.116.30-static.tedata.net  (156.211.30.116:59445)

TCP:
Connects to host-156.208.147.51-static.tedata.net  (156.208.51.147:2852)

TCP:
Connects to host-156.205.45.237-static.tedata.net  (156.205.237.45:54657)

Remove njrat v0.7d.exe - Powered by Reason Core Security