njrat | 5dae5e47219476cfd682ae4a1e7e2e554fb2fccecd1b4fe7569f74ce4e44f097 | Triage

Submit
Reports

Overview

overview

Static

static

dllhost.exe

windows10_x64

Sharing

General

Target

dllhost.exe
Size

93KB
Sample

220614-s714dabdd2
MD5

3981bc5841eda6cb5bea733f18711f0a
SHA1

c2fa36ddf5583d4d8acb2708d8b99773ba2fc4ce
SHA256

5dae5e47219476cfd682ae4a1e7e2e554fb2fccecd1b4fe7569f74ce4e44f097
SHA512

2ab52c78a7c3e20773fcf5679c925c413efdde050e568218dac45dd09b960aa3e763eca55932ef4e0723ecb23b533b250562374a9af3733a52ed392b9a756d58

Score

10^/10

njrat mediaget evasion suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

dllhost.exe

Resource

win10-20220414-en

njrat mediaget evasion suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MediaGet

C2

OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=

Mutex

e16ca4b3ba16d929041c508a1cd98a13

Attributes

reg_key
e16ca4b3ba16d929041c508a1cd98a13
splitter
|'|'|

Targets

- Target
  
  dllhost.exe
- Size
  
  93KB
- MD5
  
  3981bc5841eda6cb5bea733f18711f0a
- SHA1
  
  c2fa36ddf5583d4d8acb2708d8b99773ba2fc4ce
- SHA256
  
  5dae5e47219476cfd682ae4a1e7e2e554fb2fccecd1b4fe7569f74ce4e44f097
- SHA512
  
  2ab52c78a7c3e20773fcf5679c925c413efdde050e568218dac45dd09b960aa3e763eca55932ef4e0723ecb23b533b250562374a9af3733a52ed392b9a756d58
Score

10^/10

njrat mediaget evasion suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
  suricata
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
  suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratmediagetevasionsuricatatrojan

© 2018-2024

Terms | Privacy