General

  • Target

    aa652fc67ec4c4353b9a5562c9ec0d21

  • Size

    816KB

  • Sample

    210908-1wpvzaaddk

  • MD5

    aa652fc67ec4c4353b9a5562c9ec0d21

  • SHA1

    1dea45515e03d1f561e5a31a1859aea7aa05bd62

  • SHA256

    ae4fdb69e4ef555cb516a8052d715d741ae565c97cc595f3ea0dc3cd349c4b8d

  • SHA512

    eddb0fa378f4d4f9aa1ab0eee44705024e89d6bd2c09a313f60b2203f7cf52c2e66909154c4a176bf865da1c211ddcbe1d9b12224125e44eb6ee70e0c61e4e09

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    gbarpresencewriterprint.duckdns.org:8651

  • Mutex

    682708ec68e74

  • Attributes

    • reg_key

      682708ec68e74

    • splitter

      @!#&^%$

Targets


    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                          Signatures   ID
  ---------------------  ---------------------------------  -----------  ------
  Execution              Scheduled Task                     1            T1053
  Persistence            Scheduled Task                     1            T1053
  Privilege Escalation   Scheduled Task                     1            T1053
  Defense Evasion        Virtualization/Sandbox Evasion     2            T1497
  Discovery              Query Registry                     4            T1012
  Discovery              Virtualization/Sandbox Evasion     2            T1497
  Discovery              System Information Discovery       3            T1082
  Discovery              Peripheral Device Discovery        1            T1120

Tasks