njrat | e74eff68f4d855b3156a397f504cfae911707ead7faf77562973dde4411b4c71 | Triage

Submit
Reports

Overview

overview

Static

static

porn.exe

windows7_x64

porn.exe

windows10-2004_x64

Sharing

General

Target

porn__ratnik_parol_123.rar
Size

16KB
Sample

220613-1dfjksahck
MD5

f63b8c9a2d769fe4d143cc7fcbf9ddab
SHA1

859abd93f35d92f5389471cd08ea2777ae5e479e
SHA256

e74eff68f4d855b3156a397f504cfae911707ead7faf77562973dde4411b4c71
SHA512

deda572bc939370349a70ea897aefa67320e0fd0c1315c5bb53bbf2e79f4b68ca26581ae4cd62b60e8df97df3857dca2de92c10ed9b86e40b93c3372c56b3e9b

Score

10^/10

njrat lox evasion suricata

Static task

static1

Behavioral task

behavioral1

Sample

porn.exe

Resource

win7-20220414-en

evasion suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

porn.exe

Resource

win10v2004-20220414-en

evasion suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

lox

C2

0.tcp.eu.ngrok.io:18592

Mutex

0293991c6c54420dffa3c5a0d72faa13

Attributes

reg_key
0293991c6c54420dffa3c5a0d72faa13
splitter
|'|'|

Targets

- Target
  
  porn.exe
- Size
  
  37KB
- MD5
  
  a0206c088475dfd1f4704cd44f06c36f
- SHA1
  
  caf554c3f8b74be701cda27d1ef472861a0e8955
- SHA256
  
  a6a5d9c990f65662ccf6888c02135c6f4e267ccd0fb1e5abbbf97fa0795bf54e
- SHA512
  
  ff6717f71fed88e5cae6dac48b6aa5b4ccb2fb20e6ae0850462d2512b2e72d6fbc78900fadc4d06a08dfaf14ae397b6654721ebee50b570764ae06191bdd610a
Score

10^/10

evasion suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionsuricata

behavioral2

evasionsuricata

© 2018-2024

Terms | Privacy