njrat | 6a26df22cb05dc2e18cff91e23ca17faa373533c96b0aae17fc85212a9153568

General

Target

Meatspin.exe
Size

8.0MB
Sample

211128-s77wxshgbq
MD5

76455a480bdf074578b9e8f19687e941
SHA1

d49c63a1bbb200cff28851fdcec5443063f9bb5d
SHA256

6a26df22cb05dc2e18cff91e23ca17faa373533c96b0aae17fc85212a9153568
SHA512

40133d9afb03fce92e20516e30c95a115b035b681663924cfbbf589a92ed42a7c3b4a202ad001f16dcb36ad98380e9f9d7b4d101e75503afb1fa44d56a32e7ca

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

}|{EPTBA

C2

31.202.217.240:25565

Mutex

3135453d699962dfe8207d8121f308f4

Attributes

reg_key
3135453d699962dfe8207d8121f308f4
splitter
|'|'|

Targets

- Target
  
  Meatspin.exe
- Size
  
  8.0MB
- MD5
  
  76455a480bdf074578b9e8f19687e941
- SHA1
  
  d49c63a1bbb200cff28851fdcec5443063f9bb5d
- SHA256
  
  6a26df22cb05dc2e18cff91e23ca17faa373533c96b0aae17fc85212a9153568
- SHA512
  
  40133d9afb03fce92e20516e30c95a115b035b681663924cfbbf589a92ed42a7c3b4a202ad001f16dcb36ad98380e9f9d7b4d101e75503afb1fa44d56a32e7ca
Score

10^/10

njrat }|{eptba evasion suricata trojan persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)

Executes dropped EXE

Modifies Windows Firewall

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2