njrat | e5a4e8eda9d21d29b21f4d665823cdcbf9fb7004c8a4e6f74df126249b46c67f | Triage

Sharing

General

Target

a872f0414e0834acab687a8beb9b3a6b.exe
Size

43KB
Sample

211026-je9elshghr
MD5

a872f0414e0834acab687a8beb9b3a6b
SHA1

3c5e60d56a0fe1378453e38ee4be9a589f3f6f83
SHA256

e5a4e8eda9d21d29b21f4d665823cdcbf9fb7004c8a4e6f74df126249b46c67f
SHA512

22c82bfdf3026e000bbbc2601598a55402ddcf73cdee1a36a94b2f2669bb9d2926f9dbb78d2d8a1be2c0b08c86b5085bc8e2971663e69ec8d559caf5088be8db

Score

10^/10

njrat ???persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

???

C2

0.tcp.ngrok.io:15651

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  a872f0414e0834acab687a8beb9b3a6b.exe
- Size
  
  43KB
- MD5
  
  a872f0414e0834acab687a8beb9b3a6b
- SHA1
  
  3c5e60d56a0fe1378453e38ee4be9a589f3f6f83
- SHA256
  
  e5a4e8eda9d21d29b21f4d665823cdcbf9fb7004c8a4e6f74df126249b46c67f
- SHA512
  
  22c82bfdf3026e000bbbc2601598a55402ddcf73cdee1a36a94b2f2669bb9d2926f9dbb78d2d8a1be2c0b08c86b5085bc8e2971663e69ec8d559caf5088be8db
Score

10^/10

njrat ???persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat???persistencesuricatatrojan

behavioral2

njrat???persistencesuricatatrojan