njrat | df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576 | Triage

Sharing

General

Target

df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
Size

13KB
Sample

210916-kn35mafdep
MD5

354b2d0793453d6be6e92cb740f170e4
SHA1

9061310c8d87029de3088a95f22c28614d1c916f
SHA256

df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
SHA512

dd74a5ff1a704104313b71ee83710896eff4e3d38ced07c68593025eae1ed13da6b44cbc635b9dbee384dd22ae7d18d16f89371b79466b33645fe3cadf27ed35

Score

10^/10

njrat nyan cat persistence suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

107.167.244.67:18971

Mutex

4a178b198a1a4260aad

Attributes

reg_key
4a178b198a1a4260aad
splitter
@!#&^%$

Targets

- Target
  
  df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
- Size
  
  13KB
- MD5
  
  354b2d0793453d6be6e92cb740f170e4
- SHA1
  
  9061310c8d87029de3088a95f22c28614d1c916f
- SHA256
  
  df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
- SHA512
  
  dd74a5ff1a704104313b71ee83710896eff4e3d38ced07c68593025eae1ed13da6b44cbc635b9dbee384dd22ae7d18d16f89371b79466b33645fe3cadf27ed35
Score

10^/10

njrat nyan cat persistence suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratnyan catpersistencesuricatatrojan

behavioral2

njratnyan catpersistencesuricatatrojan