njrat | 87b9a82fa05019692e89dc944a4fe1ab669d1c844abfd509c7e3648a024d4a73 | Triage

Sharing

General

Target

a20a44e2add8f2ee2434258a20ac815e.exe
Size

93KB
Sample

211204-3fljqabgdn
MD5

a20a44e2add8f2ee2434258a20ac815e
SHA1

bf2886c5bda80c2cc1a1a8d3d270f3e82f3f39b9
SHA256

87b9a82fa05019692e89dc944a4fe1ab669d1c844abfd509c7e3648a024d4a73
SHA512

ebb8b81d74aaf9475f64a23116da3d62497a6c92f6a7ac33fdcb7895e0aab6419c86ab92e104dc66cfc13a5bd0faa104fb3a997ce7bcfd0044e2ad3d25273e36

Score

10^/10

njrat hacked evasion suricata

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

FRANSESCOTA5LjEyFRANSESCOy4xFRANSESCOTguNjFRANSESCOStrik:NDQz

Mutex

3f0e7e396c4b65a76b6471f1f9d6d90a

Attributes

reg_key
3f0e7e396c4b65a76b6471f1f9d6d90a
splitter
|'|'|

Targets

- Target
  
  a20a44e2add8f2ee2434258a20ac815e.exe
- Size
  
  93KB
- MD5
  
  a20a44e2add8f2ee2434258a20ac815e
- SHA1
  
  bf2886c5bda80c2cc1a1a8d3d270f3e82f3f39b9
- SHA256
  
  87b9a82fa05019692e89dc944a4fe1ab669d1c844abfd509c7e3648a024d4a73
- SHA512
  
  ebb8b81d74aaf9475f64a23116da3d62497a6c92f6a7ac33fdcb7895e0aab6419c86ab92e104dc66cfc13a5bd0faa104fb3a997ce7bcfd0044e2ad3d25273e36
Score

10^/10

evasion suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionsuricata

behavioral2

evasionsuricata