njrat | 3e7c51d2872014402332aa1e75d853db3d157c7521908852363618a3cdcc5be9

General

Target

QA6433_#002.vbs
Size

1KB
Sample

211123-sqtb7saeaj
MD5

a124bd8fd1451e19150b422695548e0e
SHA1

7c6b915684cacddeff53b78394e07789b55d0b2a
SHA256

3e7c51d2872014402332aa1e75d853db3d157c7521908852363618a3cdcc5be9
SHA512

515bb7cd68df86d248253d0b84a9dcf89d6ae4cc28c3edc432c9a1562d1dab4339d37c13c6a6e75b5c37bc6815dd43b7699165e50e73964d633f2808507ad5ad

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://fs13n4.sendspace.com/dlpro/3137f454c7a01624c025f577c50150f1/619cfd5e/tza6mk/HSJWE.txt

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  QA6433_#002.vbs
- Size
  
  1KB
- MD5
  
  a124bd8fd1451e19150b422695548e0e
- SHA1
  
  7c6b915684cacddeff53b78394e07789b55d0b2a
- SHA256
  
  3e7c51d2872014402332aa1e75d853db3d157c7521908852363618a3cdcc5be9
- SHA512
  
  515bb7cd68df86d248253d0b84a9dcf89d6ae4cc28c3edc432c9a1562d1dab4339d37c13c6a6e75b5c37bc6815dd43b7699165e50e73964d633f2808507ad5ad
Score

10^/10

njrat hacked evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Blocklisted process makes network request

Modifies Windows Firewall

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2