njrat | d6355ea09274149b47d0fab0edc18d2627a1866557ac3a4cce6f4f15b586b9c2 | Triage

Sharing

General

Target

0x000a00000001310c-58.dat
Size

25KB
Sample

220627-dyplnaage6
MD5

7398714aa7e951484c0230bd1919a4d7
SHA1

ba27dc586f7de6d5bc21e54a8ba7b02c980b23ac
SHA256

d6355ea09274149b47d0fab0edc18d2627a1866557ac3a4cce6f4f15b586b9c2
SHA512

391249bdee93f2d2bea6c2c46f791d9533de73c79804a11ac18959fbf3eaf87483988c4fd1310187bf6a8afe3757c302682025b6295380ea0dc6b383693719cf

Score

10^/10

njrat hacked jfk evasion persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HACKED JFK

C2

103.149.13.61:4545

Mutex

782e4e93b9158d4d448232ed139fc0db

Attributes

reg_key
782e4e93b9158d4d448232ed139fc0db
splitter
|'|'|

Targets

- Target
  
  0x000a00000001310c-58.dat
- Size
  
  25KB
- MD5
  
  7398714aa7e951484c0230bd1919a4d7
- SHA1
  
  ba27dc586f7de6d5bc21e54a8ba7b02c980b23ac
- SHA256
  
  d6355ea09274149b47d0fab0edc18d2627a1866557ac3a4cce6f4f15b586b9c2
- SHA512
  
  391249bdee93f2d2bea6c2c46f791d9533de73c79804a11ac18959fbf3eaf87483988c4fd1310187bf6a8afe3757c302682025b6295380ea0dc6b383693719cf
Score

10^/10

njrat hacked jfk evasion persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

hacked jfknjrat

behavioral1

njrathacked jfkevasionpersistencesuricatatrojan

behavioral2

njrathacked jfkevasionpersistencesuricatatrojan