njrat | 0ad97be849c854ddea3a0df0597c8e9b2dc8dd4d274b9f4a89f2dc3e9a9fff3a | Triage

Sharing

General

Target

0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
Size

25KB
Sample

211213-yw6sdafdal
MD5

ec08bdb2c15f50947f399f1f3825b69b
SHA1

602fe73180c9662ce229d090075a33e7e2cbc56c
SHA256

0ad97be849c854ddea3a0df0597c8e9b2dc8dd4d274b9f4a89f2dc3e9a9fff3a
SHA512

612ee1c4d512f58eea60670e4c3e2600be0d29b47b648741a294c1c72ddd7d6d1ee398cf30a00a471436ec3b92949d8bafe4b573df3bdd9df25224be9d1d1630

Score

10^/10

njrat hacked persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

8.tcp.ngrok.io:14002

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
- Size
  
  25KB
- MD5
  
  ec08bdb2c15f50947f399f1f3825b69b
- SHA1
  
  602fe73180c9662ce229d090075a33e7e2cbc56c
- SHA256
  
  0ad97be849c854ddea3a0df0597c8e9b2dc8dd4d274b9f4a89f2dc3e9a9fff3a
- SHA512
  
  612ee1c4d512f58eea60670e4c3e2600be0d29b47b648741a294c1c72ddd7d6d1ee398cf30a00a471436ec3b92949d8bafe4b573df3bdd9df25224be9d1d1630
Score

10^/10

njrat hacked persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencesuricatatrojan

behavioral2

njrathackedpersistencesuricatatrojan