njrat | 8cb915d7c533ba97e0da2be371dee85a8c79bc3b59b9307987c32b4afd1d7ff0 | Triage

Sharing

General

Target

8CB915D7C533BA97E0DA2BE371DEE85A8C79BC3B59B93.exe
Size

23KB
Sample

220708-cp6yxafce2
MD5

79df9b67b95e3ab2aab1943199ff62bf
SHA1

5bb95763f9a5568bab0a30253eacf4781709038f
SHA256

8cb915d7c533ba97e0da2be371dee85a8c79bc3b59b9307987c32b4afd1d7ff0
SHA512

ef41a92468cac0604ad1e9b8bed95c6892cd421eead9faf0a668dc604c4f5f71c507aeb9ac284d162d605ab433ce11687f8a3aff8a2840cbbb852351e038523f

Score

10^/10

njrat 55555555555 evasion suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

55555555555

C2

cihan05.duckdns.org:1954

Mutex

64943d0f79b2379155de3b5ae44be8c4

Attributes

reg_key
64943d0f79b2379155de3b5ae44be8c4
splitter
|'|'|

Targets

- Target
  
  8CB915D7C533BA97E0DA2BE371DEE85A8C79BC3B59B93.exe
- Size
  
  23KB
- MD5
  
  79df9b67b95e3ab2aab1943199ff62bf
- SHA1
  
  5bb95763f9a5568bab0a30253eacf4781709038f
- SHA256
  
  8cb915d7c533ba97e0da2be371dee85a8c79bc3b59b9307987c32b4afd1d7ff0
- SHA512
  
  ef41a92468cac0604ad1e9b8bed95c6892cd421eead9faf0a668dc604c4f5f71c507aeb9ac284d162d605ab433ce11687f8a3aff8a2840cbbb852351e038523f
Score

10^/10

evasion suricata njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

55555555555njrat

behavioral1

evasionsuricata

behavioral2

njratevasionsuricatatrojan