njrat | b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69 | Triage

Sharing

General

Target

753C707E47BCE65D32BE781EA1584E0B.exe
Size

84KB
Sample

210811-nsel67kdyj
MD5

753c707e47bce65d32be781ea1584e0b
SHA1

7b43f6a910b01553dfae51560570365e3ce9ed42
SHA256

b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69
SHA512

8afc2ebbc80e17e42317202e9479e0c223456cf9f0b22ccdf9fe486eff19ebf9a33a2e00c01aa81168d4ad9950c34c8d78dc2f5821702fe61874221088d3cdda

Score

10^/10

njrat nyan cat persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NYAN CAT

C2

narotomagic.publicvm.com:6663

Mutex

a728eeadc9774101a351e2a5b3fe9598

Attributes

reg_key
a728eeadc9774101a351e2a5b3fe9598
splitter
|'|'|

Targets

- Target
  
  753C707E47BCE65D32BE781EA1584E0B.exe
- Size
  
  84KB
- MD5
  
  753c707e47bce65d32be781ea1584e0b
- SHA1
  
  7b43f6a910b01553dfae51560570365e3ce9ed42
- SHA256
  
  b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69
- SHA512
  
  8afc2ebbc80e17e42317202e9479e0c223456cf9f0b22ccdf9fe486eff19ebf9a33a2e00c01aa81168d4ad9950c34c8d78dc2f5821702fe61874221088d3cdda
Score

10^/10

njrat nyan cat persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catpersistencesuricatatrojan