njrat | 1b5623a3835cd779d255c177b644fb731f093fc60c8e73e7fd57e2330e85c214 | Triage

Sharing

General

Target

1B5623A3835CD779D255C177B644FB731F093FC60C8E7.exe
Size

27KB
Sample

211222-yyw1ysghan
MD5

17342737aa4da913d168e0c7a8f97737
SHA1

92a62d7222236de3c089a1efa103dae56a56abd5
SHA256

1b5623a3835cd779d255c177b644fb731f093fc60c8e73e7fd57e2330e85c214
SHA512

eb46a1bef25797a0ebf035708e5654c2a6b6638d6399926144fc22b6b7e2d628b9ea8b7f381546e2e7ec15ac57901316613a6ca05d60033c9465a3e2bf9ab991

Score

10^/10

njrat hacked persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

2.tcp.ngrok.io:10434

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  1B5623A3835CD779D255C177B644FB731F093FC60C8E7.exe
- Size
  
  27KB
- MD5
  
  17342737aa4da913d168e0c7a8f97737
- SHA1
  
  92a62d7222236de3c089a1efa103dae56a56abd5
- SHA256
  
  1b5623a3835cd779d255c177b644fb731f093fc60c8e73e7fd57e2330e85c214
- SHA512
  
  eb46a1bef25797a0ebf035708e5654c2a6b6638d6399926144fc22b6b7e2d628b9ea8b7f381546e2e7ec15ac57901316613a6ca05d60033c9465a3e2bf9ab991
Score

10^/10

njrat hacked persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencesuricatatrojan

behavioral2

njrathackedpersistencesuricatatrojan