njrat | 908223268861c2ef922ef1242e3b237170ebbcd00ad2b0d71a18731028411d48 | Triage

Sharing

General

Target

b483f085febb1012d704842c1c08671b.exe
Size

93KB
Sample

211211-hdgsjacbfk
MD5

b483f085febb1012d704842c1c08671b
SHA1

222fb3497f02b7250642d091b62bc9ee805b55ae
SHA256

908223268861c2ef922ef1242e3b237170ebbcd00ad2b0d71a18731028411d48
SHA512

0820cebe251ca486f878f416b84d28eb1d189cd0250b6ebeb2c9eb7f255c67f7f429e6455eab49f3c543b89a2690d40d514c25f1dddfcf5dcc2919a238463cfe

Score

10^/10

njrat xmrig hacked evasion miner suricata

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

Ni50Y3Aubmdyb2suaW8Strik:MTc0NDE=

Mutex

5bf2c0e40ed10dcf491dc71b708a171f

Attributes

reg_key
5bf2c0e40ed10dcf491dc71b708a171f
splitter
|'|'|

Targets

- Target
  
  b483f085febb1012d704842c1c08671b.exe
- Size
  
  93KB
- MD5
  
  b483f085febb1012d704842c1c08671b
- SHA1
  
  222fb3497f02b7250642d091b62bc9ee805b55ae
- SHA256
  
  908223268861c2ef922ef1242e3b237170ebbcd00ad2b0d71a18731028411d48
- SHA512
  
  0820cebe251ca486f878f416b84d28eb1d189cd0250b6ebeb2c9eb7f255c67f7f429e6455eab49f3c543b89a2690d40d514c25f1dddfcf5dcc2919a238463cfe
Score

10^/10

xmrig evasion miner suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigevasionminersuricata

behavioral2

evasionsuricata