Overview

overview

10

Static

static

993cfb1428...e6.exe

windows7_x64

1

993cfb1428...e6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    993cfb1428ec0efdbab42445515ccce6

  • Size

    71KB

  • Sample

    210901-k7kjkr4xla

  • MD5

    993cfb1428ec0efdbab42445515ccce6

  • SHA1

    9355f52cec2091d8ea34e00ca8866bdb9a8ad909

  • SHA256

    255234ff22cd6f3ea61d6f3c5242965ec12d7573b7cf7868d59587d5073216c9

  • SHA512

    839100476195b9a69106379fbd8680c8dad65ffb5b9d4dddf32a8cbc40e1211055489d508d611db5133cdb4889569319bf13af1d29992ce8f25f842874c7820e

Score
10/10
njratnyan catsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

envirat.duckdns.org:3013

Mutex

6de17d5355fa43eca7e

Attributes
  • reg_key

    6de17d5355fa43eca7e

  • splitter

    @!#&^%$

Targets

    • Target

      993cfb1428ec0efdbab42445515ccce6

    • Size

      71KB

    • MD5

      993cfb1428ec0efdbab42445515ccce6

    • SHA1

      9355f52cec2091d8ea34e00ca8866bdb9a8ad909

    • SHA256

      255234ff22cd6f3ea61d6f3c5242965ec12d7573b7cf7868d59587d5073216c9

    • SHA512

      839100476195b9a69106379fbd8680c8dad65ffb5b9d4dddf32a8cbc40e1211055489d508d611db5133cdb4889569319bf13af1d29992ce8f25f842874c7820e

    Score
    10/10
    njratnyan catsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Downloads MZ/PE file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks