njrat | 13b95e2c39f004190e3f58bcb70572503ffe3ffc7a8d0847ddc903b1f6379077 | Triage

Sharing

General

Target

bCC1.exe
Size

36KB
Sample

220713-zta4csagej
MD5

f4d773204535e8e3f72597c16c09f2cd
SHA1

c783cb23b76d158d5f69e5126a73fec46c3a7c99
SHA256

13b95e2c39f004190e3f58bcb70572503ffe3ffc7a8d0847ddc903b1f6379077
SHA512

5ea85c0b9ffe26945feeaafb917566374c47bcffb9ae1144258bdd917f9936885532591e41055ee1f88c33ae11c0e42435f60d7f36f1cd5cdcc82154417aad31

Score

10^/10

njrat hacked suricata

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

https://pastebin.com/raw/ZXZvTkcj:5552

Mutex

6a2634340fbf8a0a2c038c6263d49fd1

Attributes

reg_key
6a2634340fbf8a0a2c038c6263d49fd1
splitter
|'|'|

Targets

- Target
  
  bCC1.exe
- Size
  
  36KB
- MD5
  
  f4d773204535e8e3f72597c16c09f2cd
- SHA1
  
  c783cb23b76d158d5f69e5126a73fec46c3a7c99
- SHA256
  
  13b95e2c39f004190e3f58bcb70572503ffe3ffc7a8d0847ddc903b1f6379077
- SHA512
  
  5ea85c0b9ffe26945feeaafb917566374c47bcffb9ae1144258bdd917f9936885532591e41055ee1f88c33ae11c0e42435f60d7f36f1cd5cdcc82154417aad31
Score

10^/10

suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2