njrat | 45bb2795caac14d2915644b8c6aed568a8681dd12cab779e5bb535cc03a95a34 | Triage

Sharing

General

Target

a5b3dd8d83d63498c52d938f63eb61bf.exe
Size

37KB
Sample

220527-ry5jrsfdbl
MD5

a5b3dd8d83d63498c52d938f63eb61bf
SHA1

6a07038608774231386f436ba4ca7063abf28078
SHA256

45bb2795caac14d2915644b8c6aed568a8681dd12cab779e5bb535cc03a95a34
SHA512

0e75a66c7366a6e0d5b05d45c453fab73c37e9376c2865ccc0741d7323d6568410e5a20e2d0c16801995028b0173edcb8ee58653b9874a3a351df6167666d745

Score

10^/10

njrat bot evasion persistence suricata

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

BOT

C2

2.tcp.eu.ngrok.io:15441

Mutex

88489d1083fd6ed1fecee39e01330c6c

Attributes

reg_key
88489d1083fd6ed1fecee39e01330c6c
splitter
|'|'|

Targets

- Target
  
  a5b3dd8d83d63498c52d938f63eb61bf.exe
- Size
  
  37KB
- MD5
  
  a5b3dd8d83d63498c52d938f63eb61bf
- SHA1
  
  6a07038608774231386f436ba4ca7063abf28078
- SHA256
  
  45bb2795caac14d2915644b8c6aed568a8681dd12cab779e5bb535cc03a95a34
- SHA512
  
  0e75a66c7366a6e0d5b05d45c453fab73c37e9376c2865ccc0741d7323d6568410e5a20e2d0c16801995028b0173edcb8ee58653b9874a3a351df6167666d745
Score

10^/10

evasion persistence suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencesuricata

behavioral2

evasionpersistencesuricata