njrat | 01ed7a66bff8a0ab10c7e63fd6dee79b97f79e321648d8be9b8c374cbb998a22 | Triage

Sharing

General

Target

900b9c744b8519061ba55671ae1589cd215f1189eb64fc170cc7889196a53c78.bin.sample.gz
Size

11KB
Sample

211028-1k5gaahacq
MD5

03170c51b974935bda09cfdfe9c50ad7
SHA1

f7654a348a9afc6f888e0d7e7560ee3bf99eadd3
SHA256

01ed7a66bff8a0ab10c7e63fd6dee79b97f79e321648d8be9b8c374cbb998a22
SHA512

8632d344a82dbca81d6e201265fcc8296f9831b6840acd8cd1830fba752c0666c9f5176708a4270eab69e66abc466e1b45cdfc573946159a945ed7a2b1aa1e7c

Score

10^/10

njrat now evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Now

C2

top.killwhenabusing1.xyz:2004

Mutex

6db98419ccbf0cb5969083f3317130d0

Attributes

reg_key
6db98419ccbf0cb5969083f3317130d0
splitter
|'|'|

Targets

- Target
  
  sample
- Size
  
  117KB
- MD5
  
  be2c337fdf0551ffc4abfe4385599421
- SHA1
  
  0852bd21f78d09729385358f6db9d314899ffdf4
- SHA256
  
  900b9c744b8519061ba55671ae1589cd215f1189eb64fc170cc7889196a53c78
- SHA512
  
  7196b87b7523989157131842afd70b9943d3c446e891ea7f270b2eee9f58601be8f443838b34a3d29c1fff430c8b91d40b431c541f7ce6e2ac7b9abd2fce0773
Score

10^/10

njrat now evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnowevasionsuricatatrojan