Technical Information
Malicious functions:
Creates and executes the following:
- '%TEMP%\njRAT.exe'
Executes the following:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\njRAT.exe" "njRAT.exe" ENABLE
Modifies file system:
Creates the following files:
- %TEMP%\njRAT.exe
Network activity:
UDP:
- DNS ASK ha######iali22.no-ip.biz
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'