njrat | e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed | Triage

Sharing

General

Target

e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
Size

828B
Sample

210915-kd3fcaacc9
MD5

9af0d5fbc14e3ac0ae409dfef6e04228
SHA1

931b3139830e5485f198bb72ecba50475e4c8df2
SHA256

e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed
SHA512

fdca50df12edb4d7784a3c769908a695221456e8729b7ec61ec86b8328a18040c5aca7f2d6879f336b6c1a44b1323a8f1f05ff6dd14a4cbd9f233fedcd019f0e

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

envirat.duckdns.org:3013

Mutex

6de17d5355fa43eca7e

Attributes

reg_key
6de17d5355fa43eca7e
splitter
@!#&^%$

Targets

- Target
  
  e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed.vbs
- Size
  
  828B
- MD5
  
  9af0d5fbc14e3ac0ae409dfef6e04228
- SHA1
  
  931b3139830e5485f198bb72ecba50475e4c8df2
- SHA256
  
  e147c36f7e37e928c129b2337c90bda770f4cd437899932c723fd9d5392859ed
- SHA512
  
  fdca50df12edb4d7784a3c769908a695221456e8729b7ec61ec86b8328a18040c5aca7f2d6879f336b6c1a44b1323a8f1f05ff6dd14a4cbd9f233fedcd019f0e
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan