njrat | 75ab761cc1439789376140b0ce2baf9fd7f6090a4a177cfcffd6fae11ec93071 | Triage

Sharing

General

Target

a6c258af41ba4806e49fb1acff81567a.exe
Size

259KB
Sample

220124-d6g7jsbdbq
MD5

a6c258af41ba4806e49fb1acff81567a
SHA1

8264f99a54cf67957decd9346bb6e0d3cc91af1e
SHA256

75ab761cc1439789376140b0ce2baf9fd7f6090a4a177cfcffd6fae11ec93071
SHA512

f21ced4af54da0041bea63316277726529f09af941effd34544d45d5a6e8e52e4eb3a515796715f85cbdd1d39be519ee4952812c10b064d577c4fb2fdcf1f31f

Score

10^/10

njrat uziclicker persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

UziClicker

C2

perpetual-pollution.auto.playit.gg:54523

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  a6c258af41ba4806e49fb1acff81567a.exe
- Size
  
  259KB
- MD5
  
  a6c258af41ba4806e49fb1acff81567a
- SHA1
  
  8264f99a54cf67957decd9346bb6e0d3cc91af1e
- SHA256
  
  75ab761cc1439789376140b0ce2baf9fd7f6090a4a177cfcffd6fae11ec93071
- SHA512
  
  f21ced4af54da0041bea63316277726529f09af941effd34544d45d5a6e8e52e4eb3a515796715f85cbdd1d39be519ee4952812c10b064d577c4fb2fdcf1f31f
Score

10^/10

njrat uziclicker persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

uziclickernjrat

behavioral1

njratuziclickerpersistencesuricatatrojan

behavioral2

njratuziclickerpersistencesuricatatrojan