njrat | 13958533a121d7d40e9b6c795e04f28a9bc66c29b713d0af780b66ecda3222b0 | Triage

Sharing

General

Target

5a3f8432068137c850d17874273fd427.exe
Size

31KB
Sample

211202-j55t4sdbdn
MD5

5a3f8432068137c850d17874273fd427
SHA1

61c91d3c1a8f2af743431c593594e168e21e03c6
SHA256

13958533a121d7d40e9b6c795e04f28a9bc66c29b713d0af780b66ecda3222b0
SHA512

0baf77c8391a72ca0cf187d0101a9c8d0fefc5515153744830706b671412bfc0aafa077596b7911742c1b0b35efa01d666bd4389d2fffaf188d3b736eb0a04b5

Score

10^/10

njrat mybot evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

4.tcp.ngrok.io:14032

Mutex

e83433789b9bce5c55182b1ac13312d8

Attributes

reg_key
e83433789b9bce5c55182b1ac13312d8
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  5a3f8432068137c850d17874273fd427.exe
- Size
  
  31KB
- MD5
  
  5a3f8432068137c850d17874273fd427
- SHA1
  
  61c91d3c1a8f2af743431c593594e168e21e03c6
- SHA256
  
  13958533a121d7d40e9b6c795e04f28a9bc66c29b713d0af780b66ecda3222b0
- SHA512
  
  0baf77c8391a72ca0cf187d0101a9c8d0fefc5515153744830706b671412bfc0aafa077596b7911742c1b0b35efa01d666bd4389d2fffaf188d3b736eb0a04b5
Score

10^/10

njrat evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencesuricatatrojan

behavioral2

njratevasionpersistencesuricatatrojan