njrat | 742e7b3fa903eb64cb3160861636df034123fdfecb271da1235703d246ade55f | Triage

Sharing

General

Target

5415876078239744.zip
Size

130KB
Sample

220121-1b69hsbfdp
MD5

9d892866edeb51cb29cc2721a7148f81
SHA1

ed09749f67308a30801ffcf6f528eea3f9bf3f69
SHA256

742e7b3fa903eb64cb3160861636df034123fdfecb271da1235703d246ade55f
SHA512

9f99d92a448e51dd2a68a8160b4cbe4d432b96ac83be6b9be032ab784d19058c5e15a7c2299dd187940b15a7f2d546a1b72260b98217b32528f2c1793276367b

Score

10^/10

njrat hacked evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  #93874654.exe
- Size
  
  300.0MB
- MD5
  
  a7328c9dba8e429ee5e171a661505137
- SHA1
  
  f637c4df8840fb7cc8fa93e925294145cab91457
- SHA256
  
  6248199255f4525503101e01e38d60fda27ee9bcc72a74a817dc1d01596d2a9b
- SHA512
  
  139c83862561881e328084d813509518fa353d07b532549cf93e7bed9151b137a9239b1c8e2162c85e4956bf327efb847a9643177cbf88cde89634779ddb2ca2
Score

10^/10

njrat hacked evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencesuricatatrojan

behavioral2

njrathackedevasionpersistencesuricatatrojan