njrat | 707fef4235cf1842dd9090a412f0b986d5901e5a7728c89804eebdaad40c2468 | Triage

Sharing

General

Target

ab71d3024ba35c9025ead27b28c075bd.exe
Size

93KB
Sample

211220-hdgsjaafbq
MD5

ab71d3024ba35c9025ead27b28c075bd
SHA1

67a1c777aa8dc845de80ac5da0c26088bccbf838
SHA256

707fef4235cf1842dd9090a412f0b986d5901e5a7728c89804eebdaad40c2468
SHA512

cf3f96595170102d21b597d2cbb692844c960ec3ed8acdc3b37e5421cd4dc26cab2c3e903773f2ffa03c443fec06f3d18520d4b2fd0fa3d8c8eb7ef2fe9febaf

Score

10^/10

njrat hacked evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

OC50Y3Aubmdyb2suaW8Strik:MTQ3Mjk=

Mutex

54d823e4dec41df2d9207ed10cdce4f6

Attributes

reg_key
54d823e4dec41df2d9207ed10cdce4f6
splitter
|'|'|

Targets

- Target
  
  ab71d3024ba35c9025ead27b28c075bd.exe
- Size
  
  93KB
- MD5
  
  ab71d3024ba35c9025ead27b28c075bd
- SHA1
  
  67a1c777aa8dc845de80ac5da0c26088bccbf838
- SHA256
  
  707fef4235cf1842dd9090a412f0b986d5901e5a7728c89804eebdaad40c2468
- SHA512
  
  cf3f96595170102d21b597d2cbb692844c960ec3ed8acdc3b37e5421cd4dc26cab2c3e903773f2ffa03c443fec06f3d18520d4b2fd0fa3d8c8eb7ef2fe9febaf
Score

10^/10

njrat hacked evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionsuricatatrojan

behavioral2

njrathackedevasionsuricatatrojan