njrat | 746e511b6f9291eea51de5f16e65eeeb5341049cb82ad8abe13d01452e85e469 | Triage

Sharing

General

Target

a2105798edb6b4164a60c200ad1c4e3a.exe
Size

27KB
Sample

211207-v11v5sbffl
MD5

a2105798edb6b4164a60c200ad1c4e3a
SHA1

2d9a66acba0e05de797f82d4a7b1d266d057078c
SHA256

746e511b6f9291eea51de5f16e65eeeb5341049cb82ad8abe13d01452e85e469
SHA512

7ae2ff37e92b1f1e8d67b2963449d6dc9d10b7ba2d0920e10439f88ce9ff495510760ff500e4c290c2b48a51b6ace0f14cefe0020240b1c846a1594db4174088

Score

10^/10

njrat hacked persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

melhortrojanrerer.duckdns.org:5552

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  a2105798edb6b4164a60c200ad1c4e3a.exe
- Size
  
  27KB
- MD5
  
  a2105798edb6b4164a60c200ad1c4e3a
- SHA1
  
  2d9a66acba0e05de797f82d4a7b1d266d057078c
- SHA256
  
  746e511b6f9291eea51de5f16e65eeeb5341049cb82ad8abe13d01452e85e469
- SHA512
  
  7ae2ff37e92b1f1e8d67b2963449d6dc9d10b7ba2d0920e10439f88ce9ff495510760ff500e4c290c2b48a51b6ace0f14cefe0020240b1c846a1594db4174088
Score

10^/10

njrat hacked persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencesuricatatrojan

behavioral2

njrathackedpersistencesuricatatrojan