Overview

overview

10

Static

static

2f27554c5f...b4.exe

windows7_x64

8

2f27554c5f...b4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f27554c5fbeb881bfe32ea5475befb4.exe

  • Size

    5KB

  • Sample

    210908-vz2q2seha3

  • MD5

    2f27554c5fbeb881bfe32ea5475befb4

  • SHA1

    48eceac335a3129cbf2bc50b9026ba3a7d4b58de

  • SHA256

    62adcba42e924882bbbc57aa1a7801e7000ba3366e055beeab5d935d9f7822fc

  • SHA512

    5bed056bd6dd68c45837418b461b2e88bbf70466400c55b7228275cd9552a6b8cdd446b3f469d8844a6ff9c796b9fc054b27819a77f067bba27f502038248e99

Score
10/10
njratnyan cattrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

grennoj.duckdns.org:8000

Mutex

f171208f74a9

Attributes
  • reg_key

    f171208f74a9

  • splitter

    @!#&^%$

Targets

    • Target

      2f27554c5fbeb881bfe32ea5475befb4.exe

    • Size

      5KB

    • MD5

      2f27554c5fbeb881bfe32ea5475befb4

    • SHA1

      48eceac335a3129cbf2bc50b9026ba3a7d4b58de

    • SHA256

      62adcba42e924882bbbc57aa1a7801e7000ba3366e055beeab5d935d9f7822fc

    • SHA512

      5bed056bd6dd68c45837418b461b2e88bbf70466400c55b7228275cd9552a6b8cdd446b3f469d8844a6ff9c796b9fc054b27819a77f067bba27f502038248e99

    Score
    10/10
    njratnyan cattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Downloads MZ/PE file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks