njrat | 81f7a0f726f4001c9e4e7d67ba9ab6c3f45139887dabe78f6e3d04dd2b0557e2 | Triage

Sharing

General

Target

Invoice #09747583900.exe
Size

635KB
Sample

210911-vj78wsefaq
MD5

027ed8a97dd1dd28cc73c9edf4ec89ab
SHA1

131efcf3ee4e6f0629027066ab002355c2f20a00
SHA256

81f7a0f726f4001c9e4e7d67ba9ab6c3f45139887dabe78f6e3d04dd2b0557e2
SHA512

0c6b3606b56fe7662895783a1512ca62290697049230433ca645e953218bce1311e5dd970dbb30b0a575ef1e0398e5874d602c9f6313f64e2b245a02ff55d497

Score

10^/10

njrat ahkey_000_sat suricata trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

AhKey_000_Sat

C2

cdanger492.duckdns.org:4480

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  Invoice #09747583900.exe
- Size
  
  635KB
- MD5
  
  027ed8a97dd1dd28cc73c9edf4ec89ab
- SHA1
  
  131efcf3ee4e6f0629027066ab002355c2f20a00
- SHA256
  
  81f7a0f726f4001c9e4e7d67ba9ab6c3f45139887dabe78f6e3d04dd2b0557e2
- SHA512
  
  0c6b3606b56fe7662895783a1512ca62290697049230433ca645e953218bce1311e5dd970dbb30b0a575ef1e0398e5874d602c9f6313f64e2b245a02ff55d497
Score

10^/10

njrat ahkey_000_sat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratahkey_000_satsuricatatrojan

behavioral2

njratahkey_000_satsuricatatrojan