njrat | 01a7fccd0aa64adcaa13e7109f8c969cabefcba820efaafbd75c6cd28490fe64 | Triage

Sharing

General

Target

dd5f2accefc6c6e3f0ffaa939e7466b0.exe
Size

93KB
Sample

211224-wqa3eadgeq
MD5

dd5f2accefc6c6e3f0ffaa939e7466b0
SHA1

9acf53d5bf720e9bd7ebd2222d9c367be68eb6c4
SHA256

01a7fccd0aa64adcaa13e7109f8c969cabefcba820efaafbd75c6cd28490fe64
SHA512

e64d7c39b806d7a0bfa1065b50320f227e632f74b69f084f4f721f15f06dffb07e6f7addc5bed574359419922b06915b33b9834ed391b5f6baffd30ded7fa02e

Score

10^/10

njrat hacked evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

aXZpendpei5kZG5zLm5ldAStrikStrik:MTEyMg==

Mutex

2fc48b1a11b49734cf2eee30891a9de9

Attributes

reg_key
2fc48b1a11b49734cf2eee30891a9de9
splitter
|'|'|

Targets

- Target
  
  dd5f2accefc6c6e3f0ffaa939e7466b0.exe
- Size
  
  93KB
- MD5
  
  dd5f2accefc6c6e3f0ffaa939e7466b0
- SHA1
  
  9acf53d5bf720e9bd7ebd2222d9c367be68eb6c4
- SHA256
  
  01a7fccd0aa64adcaa13e7109f8c969cabefcba820efaafbd75c6cd28490fe64
- SHA512
  
  e64d7c39b806d7a0bfa1065b50320f227e632f74b69f084f4f721f15f06dffb07e6f7addc5bed574359419922b06915b33b9834ed391b5f6baffd30ded7fa02e
Score

10^/10

njrat hacked evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionsuricatatrojan

behavioral2

njrathackedevasionsuricatatrojan