njrat | a70002c527a508f14051e606115ad0a04c045d7ffdb6a70ed01361b3ce7b3de2 | Triage

Sharing

General

Target

18f1f44a28639057e66f8390d4faa3df.exe
Size

31KB
Sample

211202-k3bc6adgbk
MD5

18f1f44a28639057e66f8390d4faa3df
SHA1

ee8cf7689899772f5e59e66bc66b89fd19269ea0
SHA256

a70002c527a508f14051e606115ad0a04c045d7ffdb6a70ed01361b3ce7b3de2
SHA512

d91eb5032067e9b36a9b6d67ad2d335b650ff1de17b272740f94fcd58d644caae0dbd236e1da11284d5538b92b38d6c6d49b0c7ea0d0a96d2d47849bab6d86b6

Score

10^/10

njrat mybot evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

8.tcp.ngrok.io:13962

Mutex

aaffeb7a5f54025070b8e182b1fa7d98

Attributes

reg_key
aaffeb7a5f54025070b8e182b1fa7d98
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  18f1f44a28639057e66f8390d4faa3df.exe
- Size
  
  31KB
- MD5
  
  18f1f44a28639057e66f8390d4faa3df
- SHA1
  
  ee8cf7689899772f5e59e66bc66b89fd19269ea0
- SHA256
  
  a70002c527a508f14051e606115ad0a04c045d7ffdb6a70ed01361b3ce7b3de2
- SHA512
  
  d91eb5032067e9b36a9b6d67ad2d335b650ff1de17b272740f94fcd58d644caae0dbd236e1da11284d5538b92b38d6c6d49b0c7ea0d0a96d2d47849bab6d86b6
Score

10^/10

njrat evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencesuricatatrojan

behavioral2

njratevasionpersistencesuricatatrojan