njrat | afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285

General

Target

afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285.bin
Size

28KB
Sample

211013-sgg8ksecam
MD5

dd92bc172ce822c6ce679dec7e7176cb
SHA1

deae3ad3cc81833c3008bb475ae4c355d750b3e7
SHA256

afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285
SHA512

007e8736c4ad2061f804183154c7e0da7c4f3b958281a1c67bba71684a06ace998f08fa5279120adfdf0ca781aeefa51d366619c076ef869b6830b0bba78627b

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

abcdefg434334.zapto.org:80

Mutex

f5e4f66c2c5505e6ad7b0b5bee0f0a9a

Attributes

reg_key
f5e4f66c2c5505e6ad7b0b5bee0f0a9a
splitter
|'|'|

Targets

- Target
  
  afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285.bin
- Size
  
  28KB
- MD5
  
  dd92bc172ce822c6ce679dec7e7176cb
- SHA1
  
  deae3ad3cc81833c3008bb475ae4c355d750b3e7
- SHA256
  
  afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285
- SHA512
  
  007e8736c4ad2061f804183154c7e0da7c4f3b958281a1c67bba71684a06ace998f08fa5279120adfdf0ca781aeefa51d366619c076ef869b6830b0bba78627b
Score

10^/10

njrat hacked evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Bladabindi/njrat CnC Checkin
  suricata: ET MALWARE Bladabindi/njrat CnC Checkin
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Bladabindi/njrat CnC Checkin

Executes dropped EXE

Modifies Windows Firewall

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2