njrat | 34f778359bb71ac8bcf04edb0d48e9f4209fea9fa79c273fc3669c5e94042a5b | Triage

Sharing

General

Target

Payment On Account.vbs
Size

3KB
Sample

210915-tqsw4seadn
MD5

7ad432e7164dcff056883fe786d9fb7b
SHA1

0985f8d96a8e972ad6a8fef0f8ca6774f13c1373
SHA256

34f778359bb71ac8bcf04edb0d48e9f4209fea9fa79c273fc3669c5e94042a5b
SHA512

7b7a977cd1bdfd9e302ea0989e53bc1de1efe267693d850193617a4744e0049d73ec0aaca7897465fb5e00d1f74588929fcb259adc3ac6f7edb330637f0b742c

Score

10^/10

njrat hacked evasion suricata trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://54.184.87.30/jbypass.txt

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

103.147.184.73:8319

Mutex

98d5ec0a408febb60524eab801ba601c

Attributes

reg_key
98d5ec0a408febb60524eab801ba601c
splitter
|'|'|

Targets

- Target
  
  Payment On Account.vbs
- Size
  
  3KB
- MD5
  
  7ad432e7164dcff056883fe786d9fb7b
- SHA1
  
  0985f8d96a8e972ad6a8fef0f8ca6774f13c1373
- SHA256
  
  34f778359bb71ac8bcf04edb0d48e9f4209fea9fa79c273fc3669c5e94042a5b
- SHA512
  
  7b7a977cd1bdfd9e302ea0989e53bc1de1efe267693d850193617a4744e0049d73ec0aaca7897465fb5e00d1f74588929fcb259adc3ac6f7edb330637f0b742c
Score

10^/10

njrat hacked evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionsuricatatrojan

behavioral2

njrathackedevasionsuricatatrojan