njrat | 566e2f01abcfcd6c7b757449819a52e6956f31d389a1b4c6f9dfbf443a97874c | Triage

Submit
Reports

Overview

overview

Static

static

7355d1a43f...b0.exe

windows7_x64

7355d1a43f...b0.exe

windows10_x64

Sharing

General

Target

7355d1a43f1d438e09eebff0c90211b0.exe
Size

227KB
Sample

211105-nxbcragggj
MD5

7355d1a43f1d438e09eebff0c90211b0
SHA1

4d6ca4321e87d5381ceeb1b60c300b7ab69ef30a
SHA256

566e2f01abcfcd6c7b757449819a52e6956f31d389a1b4c6f9dfbf443a97874c
SHA512

867b8beda9c79d09cd40267f254f3134a5a8837cd195c1324a938fa17e53521910f0cc3b038a4676ce84c87bd475778a1900ea80ed03850b3ac7f4141ecbef2e

Score

10^/10

njrat directx evasion persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

7355d1a43f1d438e09eebff0c90211b0.exe

Resource

win7-en-20211104

njrat directx evasion persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7355d1a43f1d438e09eebff0c90211b0.exe

Resource

win10-en-20211014

evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

DirectX

C2

20.79.249.125:1604

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  7355d1a43f1d438e09eebff0c90211b0.exe
- Size
  
  227KB
- MD5
  
  7355d1a43f1d438e09eebff0c90211b0
- SHA1
  
  4d6ca4321e87d5381ceeb1b60c300b7ab69ef30a
- SHA256
  
  566e2f01abcfcd6c7b757449819a52e6956f31d389a1b4c6f9dfbf443a97874c
- SHA512
  
  867b8beda9c79d09cd40267f254f3134a5a8837cd195c1324a938fa17e53521910f0cc3b038a4676ce84c87bd475778a1900ea80ed03850b3ac7f4141ecbef2e
Score

10^/10

njrat directx evasion persistence suricata trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratdirectxevasionpersistencesuricatatrojan

behavioral2

evasionsuricatatrojan

© 2018-2024

Terms | Privacy