njrat | 71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80

General

Target

71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe
Size

222KB
Sample

211107-b1tmaadhar
MD5

9ba09fe66a6c0f30ccc1800487e14a33
SHA1

56a97a459acf4cd6403eaa174944f1d1db7957c6
SHA256

71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80
SHA512

88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

180721

C2

185.222.57.203:2282

Mutex

866d16940c2b513b37047e4f825bb8ff

Attributes

reg_key
866d16940c2b513b37047e4f825bb8ff
splitter
|'|'|

Targets

- Target
  
  71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe
- Size
  
  222KB
- MD5
  
  9ba09fe66a6c0f30ccc1800487e14a33
- SHA1
  
  56a97a459acf4cd6403eaa174944f1d1db7957c6
- SHA256
  
  71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80
- SHA512
  
  88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1
Score

10^/10

njrat 180721 evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Executes dropped EXE

Modifies Windows Firewall

Drops startup file

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2