njrat | 6786d7be736d7131db9aae8c1f51a2f2a86f506cebda18af9cbb8d54e51c7eb3 | Triage

Sharing

General

Target

Requerimiento fiscal aqui encontrara copia de la denuncia presentada en su contra NUNC SPOA.vbs
Size

826B
Sample

210913-tcq6cseae7
MD5

676950cc6c5b064bd1a75cdc8cbf4438
SHA1

7deabbeb895a1839b61b1f5a4ddbabbc5ca566b6
SHA256

6786d7be736d7131db9aae8c1f51a2f2a86f506cebda18af9cbb8d54e51c7eb3
SHA512

8a30e71961e19c033e9bb03f18f891ba4f40fb44d18f55539823f876ee38790ebd21591558e01838dc33f6f4fba405e888b5d14ce2c75104f0782e893d8f45f0

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

yur2021.duckdns.org:2001

Mutex

0a30571c770d468e

Attributes

reg_key
0a30571c770d468e
splitter
@!#&^%$

Targets

- Target
  
  Requerimiento fiscal aqui encontrara copia de la denuncia presentada en su contra NUNC SPOA.vbs
- Size
  
  826B
- MD5
  
  676950cc6c5b064bd1a75cdc8cbf4438
- SHA1
  
  7deabbeb895a1839b61b1f5a4ddbabbc5ca566b6
- SHA256
  
  6786d7be736d7131db9aae8c1f51a2f2a86f506cebda18af9cbb8d54e51c7eb3
- SHA512
  
  8a30e71961e19c033e9bb03f18f891ba4f40fb44d18f55539823f876ee38790ebd21591558e01838dc33f6f4fba405e888b5d14ce2c75104f0782e893d8f45f0
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan