njrat | 13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a | Triage

Sharing

General

Target

13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
Size

43KB
Sample

220520-fanqkaadb7
MD5

ee5027ce7b50ae0ca2f47fb53c4fd3fc
SHA1

7712a2b7763a90efb6666c5f9b59f662107f6b9a
SHA256

13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
SHA512

62c504561a9c3faef0b85918601366c695306c8f0573209af63d4839f9d5dc9849d7db5f30008302f52b99ad6d823f566347d1fd4e6a6beb667c172d3e9a8614

Score

10^/10

njrat hacked persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.ngrok.io:18438

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
- Size
  
  43KB
- MD5
  
  ee5027ce7b50ae0ca2f47fb53c4fd3fc
- SHA1
  
  7712a2b7763a90efb6666c5f9b59f662107f6b9a
- SHA256
  
  13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
- SHA512
  
  62c504561a9c3faef0b85918601366c695306c8f0573209af63d4839f9d5dc9849d7db5f30008302f52b99ad6d823f566347d1fd4e6a6beb667c172d3e9a8614
Score

10^/10

njrat hacked persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencesuricatatrojan

behavioral2

njrathackedpersistencesuricatatrojan