njrat | edb3b0b8793cb5d62752e6cf2adf9f6d2e3fb736692d604c1ae63f607f0adbb9

General

Target

0eec81702c233690c337241bf260b6cb.exe
Size

23KB
Sample

211220-1aq6xacfbq
MD5

0eec81702c233690c337241bf260b6cb
SHA1

612bcf1d18bedb0a41ad1332d7a386ae17ffb6f5
SHA256

edb3b0b8793cb5d62752e6cf2adf9f6d2e3fb736692d604c1ae63f607f0adbb9
SHA512

701f1ae5e8b1d4b6256cf34417570f525606acf5c2c08b48f49c0b2fad6d8c16f97735555527ea738c2d7a7b3d3b3bec9753baba103a98a52bcbd528d3c2a9db

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacking

C2

2.tcp.ngrok.io:19922

Mutex

e2ad17efa2778f92dcb53a1b843be36d

Attributes

reg_key
e2ad17efa2778f92dcb53a1b843be36d
splitter
|'|'|

Targets

- Target
  
  0eec81702c233690c337241bf260b6cb.exe
- Size
  
  23KB
- MD5
  
  0eec81702c233690c337241bf260b6cb
- SHA1
  
  612bcf1d18bedb0a41ad1332d7a386ae17ffb6f5
- SHA256
  
  edb3b0b8793cb5d62752e6cf2adf9f6d2e3fb736692d604c1ae63f607f0adbb9
- SHA512
  
  701f1ae5e8b1d4b6256cf34417570f525606acf5c2c08b48f49c0b2fad6d8c16f97735555527ea738c2d7a7b3d3b3bec9753baba103a98a52bcbd528d3c2a9db
Score

10^/10

njrat hacking evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Executes dropped EXE

Modifies Windows Firewall

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2