njrat | fc960e98dee6286927405864b8d0f7044eb5241f3e8523fb186e44633ea4e303 | Triage

Sharing

General

Target

PO #KV18RE001-A5871.pif.exe
Size

149KB
Sample

210921-xr3dqachgp
MD5

25d8edcbfc7380216bb0ef29d66e8ff1
SHA1

b24f4b08cf73da046421ec55b2520b1e89e9400b
SHA256

fc960e98dee6286927405864b8d0f7044eb5241f3e8523fb186e44633ea4e303
SHA512

0814f303286b6e42fc8ebf3cced57f1c5b52d9c83a41118b181a525c16d6da18a61119c8fc2c5a53102839de45727416bb9bea13638e798612b564baa893d0c2

Score

10^/10

njrat evasion suricata trojan

Malware Config

Targets

- Target
  
  PO #KV18RE001-A5871.pif.exe
- Size
  
  149KB
- MD5
  
  25d8edcbfc7380216bb0ef29d66e8ff1
- SHA1
  
  b24f4b08cf73da046421ec55b2520b1e89e9400b
- SHA256
  
  fc960e98dee6286927405864b8d0f7044eb5241f3e8523fb186e44633ea4e303
- SHA512
  
  0814f303286b6e42fc8ebf3cced57f1c5b52d9c83a41118b181a525c16d6da18a61119c8fc2c5a53102839de45727416bb9bea13638e798612b564baa893d0c2
Score

10^/10

njrat evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionsuricatatrojan

behavioral2

njratevasionsuricatatrojan