njrat | bf8e99aff676c619236dd47399d9a43e8f3afb9df78aa2852f8270ae4870be48 | Triage

Sharing

General

Target

03400b0baec9c5e28a4c8b9a581cea7d.exe
Size

500KB
Sample

220512-s6wghadebp
MD5

03400b0baec9c5e28a4c8b9a581cea7d
SHA1

cac992a233a4e478bf645750fa927f2167bcd0df
SHA256

bf8e99aff676c619236dd47399d9a43e8f3afb9df78aa2852f8270ae4870be48
SHA512

fa93a4eed519b153fb5d60527ac738163c9c71ca36596acb388c6282cd78c3b2aea1681d926a9dad4576b61780f2afce0b6a141728d39b8da203374117bbc5c8

Score

10^/10

njrat junio30 persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

JUNIO30

C2

verde2020.duckdns.org:7782

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
1234

Targets

- Target
  
  03400b0baec9c5e28a4c8b9a581cea7d.exe
- Size
  
  500KB
- MD5
  
  03400b0baec9c5e28a4c8b9a581cea7d
- SHA1
  
  cac992a233a4e478bf645750fa927f2167bcd0df
- SHA256
  
  bf8e99aff676c619236dd47399d9a43e8f3afb9df78aa2852f8270ae4870be48
- SHA512
  
  fa93a4eed519b153fb5d60527ac738163c9c71ca36596acb388c6282cd78c3b2aea1681d926a9dad4576b61780f2afce0b6a141728d39b8da203374117bbc5c8
Score

10^/10

njrat junio30 persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratjunio30persistencesuricatatrojan

behavioral2