njrat | 282b7e31f3fff63d2f713d0841e75e52294bb6601454e78bfd9285839ec4a34a

General

Target

Zona de Pago.vbs
Size

162KB
Sample

210915-k5jgjsach6
MD5

df165c37e5339e9a1a720e593d8f2eb1
SHA1

29f8959f9934a0a4f64bbdb3dbaa878334814fc4
SHA256

282b7e31f3fff63d2f713d0841e75e52294bb6601454e78bfd9285839ec4a34a
SHA512

277043fe7d52b876d3c8e04d0ae76f232a6e64774aeb89399c1e47952e82c65814e9004a0dcf1a824ca45ce52a05619b33fc7bcb9e33e740ecb83cc20b12b447

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://onedrive.live.com/download?cid=4DBCDBEA8A120146&resid=4DBCDBEA8A120146%21150&authkey=AKfJKvTWpXPaOuE

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

reald27.duckdns.org:3525

Mutex

f45dd4eb26

Attributes

reg_key
f45dd4eb26
splitter
@!#&^%$

Targets

- Target
  
  Zona de Pago.vbs
- Size
  
  162KB
- MD5
  
  df165c37e5339e9a1a720e593d8f2eb1
- SHA1
  
  29f8959f9934a0a4f64bbdb3dbaa878334814fc4
- SHA256
  
  282b7e31f3fff63d2f713d0841e75e52294bb6601454e78bfd9285839ec4a34a
- SHA512
  
  277043fe7d52b876d3c8e04d0ae76f232a6e64774aeb89399c1e47952e82c65814e9004a0dcf1a824ca45ce52a05619b33fc7bcb9e33e740ecb83cc20b12b447
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2