njrat | dac1dc3a6ccefe51ee7d3346b43ee90aeb924c79ac0a12e7d3b20b49d168479a | Triage

Sharing

General

Target

a49637acb8f867866fc338b878145b3c.exe
Size

103KB
Sample

210904-we54eahefj
MD5

a49637acb8f867866fc338b878145b3c
SHA1

1d00ebe1334ff83baed5c5088977199dd3a2067d
SHA256

dac1dc3a6ccefe51ee7d3346b43ee90aeb924c79ac0a12e7d3b20b49d168479a
SHA512

6965f4a7006767ecc18915f97f25e9f648cfde188ced651a645e2dee56da6eb1020143c809b28e032c95126111453b60796193148bf17800e08776d07982e03e

Score

10^/10

njrat dlbyte evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

dlbyte

C2

8.tcp.ngrok.io:11904

Mutex

77d2e2c7d5fea9d8d12fca7c2a7a3030

Attributes

reg_key
77d2e2c7d5fea9d8d12fca7c2a7a3030
splitter
|'|'|

Targets

- Target
  
  a49637acb8f867866fc338b878145b3c.exe
- Size
  
  103KB
- MD5
  
  a49637acb8f867866fc338b878145b3c
- SHA1
  
  1d00ebe1334ff83baed5c5088977199dd3a2067d
- SHA256
  
  dac1dc3a6ccefe51ee7d3346b43ee90aeb924c79ac0a12e7d3b20b49d168479a
- SHA512
  
  6965f4a7006767ecc18915f97f25e9f648cfde188ced651a645e2dee56da6eb1020143c809b28e032c95126111453b60796193148bf17800e08776d07982e03e
Score

10^/10

njrat dlbyte evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratdlbyteevasionsuricatatrojan

behavioral2

njratdlbyteevasionsuricatatrojan