njrat | 97445a651bd56279e64a3f4bf79e454205e00bc84c7b500b0e69e30a93e85075 | Triage

Sharing

General

Target

a6e5b75aa89f9057e0ab97d0064f9226.exe
Size

31KB
Sample

211227-2z6hkabgcq
MD5

a6e5b75aa89f9057e0ab97d0064f9226
SHA1

563235fef327e1877822799f2a60c6309146e6e8
SHA256

97445a651bd56279e64a3f4bf79e454205e00bc84c7b500b0e69e30a93e85075
SHA512

6276c98823d774830b575a24a71c4f31d89ab14a3b9cc5df1aa19e79e5bd23500f3c9605acc7e00b15e7d126d9bd33cd45b4f290a0ccdf14c9fafa528bf2b7e4

Score

10^/10

njrat mybot evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

66.70.242.36:8080

Mutex

809f58a08e0959cac84aebf152692d86

Attributes

reg_key
809f58a08e0959cac84aebf152692d86
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  a6e5b75aa89f9057e0ab97d0064f9226.exe
- Size
  
  31KB
- MD5
  
  a6e5b75aa89f9057e0ab97d0064f9226
- SHA1
  
  563235fef327e1877822799f2a60c6309146e6e8
- SHA256
  
  97445a651bd56279e64a3f4bf79e454205e00bc84c7b500b0e69e30a93e85075
- SHA512
  
  6276c98823d774830b575a24a71c4f31d89ab14a3b9cc5df1aa19e79e5bd23500f3c9605acc7e00b15e7d126d9bd33cd45b4f290a0ccdf14c9fafa528bf2b7e4
Score

10^/10

njrat evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionsuricatatrojan

behavioral2

njratevasionsuricatatrojan