njrat | e3f2213250dc7d0adcf052b29a087e04adac285c26590270a75ad587d10ae2df | Triage

Sharing

General

Target

bDC8.exe
Size

36KB
Sample

220723-afj2nsagb8
MD5

0e699f21f73c1c9a5d7f6297f7e7ed3f
SHA1

474f08bfec42bca4ebecc623117e9e5f66face0b
SHA256

e3f2213250dc7d0adcf052b29a087e04adac285c26590270a75ad587d10ae2df
SHA512

5257602ecfadc96a82e483bbfc090d7596cd328c0cde32f95ca153a8781ed029b4722ec47d6fc0891626b27a00fb05dfc8ba7a1e83f506395afdaa62aa47dc9d

Score

10^/10

njrat hacked suricata

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

https://pastebin.com/raw/2gGF5JRm:5552

Mutex

6a2634340fbf8a0a2c038c6263d49fd1

Attributes

reg_key
6a2634340fbf8a0a2c038c6263d49fd1
splitter
|'|'|

Targets

- Target
  
  bDC8.exe
- Size
  
  36KB
- MD5
  
  0e699f21f73c1c9a5d7f6297f7e7ed3f
- SHA1
  
  474f08bfec42bca4ebecc623117e9e5f66face0b
- SHA256
  
  e3f2213250dc7d0adcf052b29a087e04adac285c26590270a75ad587d10ae2df
- SHA512
  
  5257602ecfadc96a82e483bbfc090d7596cd328c0cde32f95ca153a8781ed029b4722ec47d6fc0891626b27a00fb05dfc8ba7a1e83f506395afdaa62aa47dc9d
Score

10^/10

suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2