njrat | bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea | Triage

Submit
Reports

Overview

overview

Static

static

bac012a327...ea.exe

windows7_x64

5

bac012a327...ea.exe

windows10_x64

Sharing

General

Target

bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea
Size

47KB
Sample

210907-gxpf2sfcdl
MD5

268c50b286c5e44c889b6c5489e9d337
SHA1

addbcadf2d4b2d59ff434deed3ce5605ec7dd35e
SHA256

bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea
SHA512

71c240d4598131e1f78ae09042b7e4883713d5b94001cf3634543941e1cffa3efa8890d3c75d8b10f9ec368e3c4fb27fdd929228120ad1eaaff32159fa8a25f6

Score

10^/10

njrat hacked evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea.exe

Resource

win7-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea.exe

Resource

win10v20210408

njrat hacked evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

joker3.publicvm.com:1177

Mutex

15ead12f68fe505287e8638b19794a4d

Attributes

reg_key
15ead12f68fe505287e8638b19794a4d
splitter
|'|'|

Targets

- Target
  
  bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea
- Size
  
  47KB
- MD5
  
  268c50b286c5e44c889b6c5489e9d337
- SHA1
  
  addbcadf2d4b2d59ff434deed3ce5605ec7dd35e
- SHA256
  
  bac012a32743dde9c413005e56b3a9ab7874af2cf7a67ee9ba6b7c2ca0f687ea
- SHA512
  
  71c240d4598131e1f78ae09042b7e4883713d5b94001cf3634543941e1cffa3efa8890d3c75d8b10f9ec368e3c4fb27fdd929228120ad1eaaff32159fa8a25f6
Score

10^/10

njrat hacked evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasionsuricatatrojan

© 2018-2024

Terms | Privacy