njrat | 8ca335734e64485bc7205310599635615cac9d91ecf4492189e90ad07cd75184 | Triage

Sharing

General

Target

#1763541093.zip
Size

503KB
Sample

220121-18malsbhdj
MD5

cb150c9ff3aaec6cf953c3ee6d39efac
SHA1

c936b3beb13a9f7ca057fa568b9548dfb2268b30
SHA256

8ca335734e64485bc7205310599635615cac9d91ecf4492189e90ad07cd75184
SHA512

3ad2f24c50d505fcfdd656e28e6c76a822f3365315f916b0c382242076b051b4de473facffcdba682932e8d89e5881620522c834bc40b032031b6ffee2d03e69

Score

10^/10

njrat hacked evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  #1763541093.exe
- Size
  
  300.0MB
- MD5
  
  c8b67047772884a1bbca4b84cce30dac
- SHA1
  
  e55b2a5bffa0c72196f0cb5334436a93362ed419
- SHA256
  
  aba07cd1475a52821471edf1d361ffc6ee2a5ea13f8ef4eb7b0bd052f1b92c44
- SHA512
  
  98f7e29d0c92545ca579276488dd2ec473a3cdc1024c2313bc0f25118a4682fb2d02c4ea7ea230e8c952a04d2cd4bbc3d5d4660933539786dbcff0529aa9ff95
Score

10^/10

njrat hacked evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencesuricatatrojan

behavioral2