njrat | 8e8732b9bebc8382e938b48697e79feb4b06528df41fd855b540dce788f6d8b3 | Triage

Sharing

General

Target

8E8732B9BEBC8382E938B48697E79FEB4B06528DF41FD.exe
Size

23KB
Sample

211005-hgfpmshfcq
MD5

c7b942aee6ebe5d43a3b7398eda1f0ee
SHA1

11a0690bd6158cbcc5ddb55282751689df0538ed
SHA256

8e8732b9bebc8382e938b48697e79feb4b06528df41fd855b540dce788f6d8b3
SHA512

9ce157ef003f80a0b8a88a32bb91d5138a5ead35340ea7bd513a79487cc33fcb830334449015805ef4bf0ae30bdd42eac0c23339129f448e1e945ef7fe50323a

Score

10^/10

njrat mybot evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

167.71.56.116:22232

Mutex

290df5fa05cb4394e161de39f67a971b

Attributes

reg_key
290df5fa05cb4394e161de39f67a971b
splitter
|'|'|

Targets

- Target
  
  8E8732B9BEBC8382E938B48697E79FEB4B06528DF41FD.exe
- Size
  
  23KB
- MD5
  
  c7b942aee6ebe5d43a3b7398eda1f0ee
- SHA1
  
  11a0690bd6158cbcc5ddb55282751689df0538ed
- SHA256
  
  8e8732b9bebc8382e938b48697e79feb4b06528df41fd855b540dce788f6d8b3
- SHA512
  
  9ce157ef003f80a0b8a88a32bb91d5138a5ead35340ea7bd513a79487cc33fcb830334449015805ef4bf0ae30bdd42eac0c23339129f448e1e945ef7fe50323a
Score

10^/10

njrat mybot evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratmybotevasionpersistencesuricatatrojan