njrat | 5320400539e21be4eee7c8adc75f045b957d5696007adb23c0f390bcfdfea9cc | Triage

Sharing

General

Target

5320400539E21BE4EEE7C8ADC75F045B957D5696007AD.exe
Size

37KB
Sample

211118-l175sacchj
MD5

cd1ba87e58f7a1c7dbd1dfc3c9b027a2
SHA1

c05f65395e32da15608b008ea9d6f1feff90d3e5
SHA256

5320400539e21be4eee7c8adc75f045b957d5696007adb23c0f390bcfdfea9cc
SHA512

d079c4870e8c3a0829ab8e6d5f261e231179041390ef4a93d9faffe4450b9ea22338cdbd9a8c57672b40fe25c517baf9e3978f4661261748447b2b865565d035

Score

10^/10

njrat xxxxxxxxx.exe evasion suricata

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

xxxxxxxxx.exe

C2

4.tcp.ngrok.io:16415

Mutex

2610bdfa4fe0f690b7929cc2b550f15c

Attributes

reg_key
2610bdfa4fe0f690b7929cc2b550f15c
splitter
|'|'|

Targets

- Target
  
  5320400539E21BE4EEE7C8ADC75F045B957D5696007AD.exe
- Size
  
  37KB
- MD5
  
  cd1ba87e58f7a1c7dbd1dfc3c9b027a2
- SHA1
  
  c05f65395e32da15608b008ea9d6f1feff90d3e5
- SHA256
  
  5320400539e21be4eee7c8adc75f045b957d5696007adb23c0f390bcfdfea9cc
- SHA512
  
  d079c4870e8c3a0829ab8e6d5f261e231179041390ef4a93d9faffe4450b9ea22338cdbd9a8c57672b40fe25c517baf9e3978f4661261748447b2b865565d035
Score

10^/10

evasion suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

xxxxxxxxx.exenjrat

behavioral1

evasionsuricata

behavioral2

evasionsuricata