njrat | e25d5a23459ac8a9dd459db9ff70b0553f256b6b074c3848bffa65886d6d9f24 | Triage

Sharing

General

Target

SPOA Sistema Penal Oral Acusatorio Notificacion de requerimiento fiscal a su nombre por admision de denuncia.vbs.vbs
Size

827B
Sample

210913-s9c5bshbbq
MD5

5b4cbb9b11c79830351c9e2bf59c5a42
SHA1

98328f4e9da68649cb8c003b83f1123cfef91678
SHA256

e25d5a23459ac8a9dd459db9ff70b0553f256b6b074c3848bffa65886d6d9f24
SHA512

ced0b4a8a102be874860836fa674b07c0161352e3ac3066cd248f53c770948d54b098a6bc96128cddc92044028bc092edc0416dac72cdb96f67a75040e7df15f

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

fuckand.duckdns.org:3016

Mutex

30c67308ea73

Attributes

reg_key
30c67308ea73
splitter
@!#&^%$

Targets

- Target
  
  SPOA Sistema Penal Oral Acusatorio Notificacion de requerimiento fiscal a su nombre por admision de denuncia.vbs.vbs
- Size
  
  827B
- MD5
  
  5b4cbb9b11c79830351c9e2bf59c5a42
- SHA1
  
  98328f4e9da68649cb8c003b83f1123cfef91678
- SHA256
  
  e25d5a23459ac8a9dd459db9ff70b0553f256b6b074c3848bffa65886d6d9f24
- SHA512
  
  ced0b4a8a102be874860836fa674b07c0161352e3ac3066cd248f53c770948d54b098a6bc96128cddc92044028bc092edc0416dac72cdb96f67a75040e7df15f
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan