njRAT.exe Report
In this exercise, I analyzed a Remote Access Trojan binary, njRAT.exe, sourced from the Zoo malware repository on GitHub. Analysis revealed that the sample was originally compiled in 2013 as EnKSaR.HaCKeR.exe. The malware is designed to grant an attacker remote control over a victim's computer. My analysis revealed that, upon execution, the sample launched additional payloads, including njRAT.exe, njq8.exe, and windows.exe. The second-stage payload, njq8.exe, generated windows.exe, adding itself to the Windows Firewall exceptions and listening on port 1177 for a remote connection. Simulating an attack from a REMnux machine, I connected to the open port and observed the malware recording system details, such as architecture, date, and active applications.
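The behaviors above (a staged launch chain, a firewall exception, and a listener) can be correlated into one host-triage check. The following is an added example, not part of the original report: the event records are constructed, and their layout and the choice of windows.exe as the listening stage are assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry, not taken from the report. The record layout
# and the choice of windows.exe as the listening stage are assumptions.
EVENTS = [
    {"type": "proc", "image": "njRAT.exe", "parent": "explorer.exe"},
    {"type": "proc", "image": "njq8.exe", "parent": "njRAT.exe"},
    {"type": "proc", "image": "windows.exe", "parent": "njq8.exe"},
    {"type": "fw_allow", "image": "windows.exe"},
    {"type": "listen", "image": "windows.exe", "port": 1177},
    {"type": "proc", "image": "svchost.exe", "parent": "services.exe"},
    {"type": "listen", "image": "svchost.exe", "port": 135},
    {"type": "proc", "image": "backup.exe", "parent": "explorer.exe"},
    {"type": "fw_allow", "image": "backup.exe"},
]

def launch_chain(image, parents):
    """Walk parent links back to the first process with no creation record."""
    chain, seen = [image], {image}
    while image in parents and parents[image] not in seen:
        image = parents[image]
        chain.append(image)
        seen.add(image)  # guards against loops in malformed telemetry
    return list(reversed(chain))

def find_excepted_listeners(events):
    """Flag images that both hold a firewall exception and own a listening
    port, and report the process chain that launched them."""
    parents, allowed, ports = {}, set(), defaultdict(set)
    for ev in events:
        if ev["type"] == "proc":
            parents[ev["image"]] = ev["parent"]
        elif ev["type"] == "fw_allow":
            allowed.add(ev["image"])
        elif ev["type"] == "listen":
            ports[ev["image"]].add(ev["port"])
    return [
        {"image": img, "ports": sorted(ports[img]),
         "chain": launch_chain(img, parents)}
        for img in sorted(allowed & set(ports))
    ]

if __name__ == "__main__":
    for finding in find_excepted_listeners(EVENTS):
        print(finding)
```

Keying on image name alone is a simplification for the sample data; real telemetry should be keyed on process ID and full path.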