njrat | bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26 | Triage

Sharing

General

Target

6a5f6fba52919a8f6f8e371284c3458b.exe
Size

104KB
Sample

211002-c1w8vaddf7
MD5

6a5f6fba52919a8f6f8e371284c3458b
SHA1

669cba3048a250fdb53c4a708ae7b92006072942
SHA256

bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26
SHA512

5bb20db97e23e93a1c4a6e54bc0b13973012e04d71f4b3efd3e5e1ba691fb0d86a6fbd758446ceab7827be9cb790998d432ed4150d6ddbfdf17b7f8314386e13

Score

10^/10

njrat nyan cat persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

paomarca.duckdns.org:2054

Mutex

fede6f9724

Attributes

reg_key
fede6f9724
splitter
@!#&^%$

Targets

- Target
  
  6a5f6fba52919a8f6f8e371284c3458b.exe
- Size
  
  104KB
- MD5
  
  6a5f6fba52919a8f6f8e371284c3458b
- SHA1
  
  669cba3048a250fdb53c4a708ae7b92006072942
- SHA256
  
  bd5fa7ccde2dbc145685b36d66c3c6161e7e780308bd6ec29666139908e7db26
- SHA512
  
  5bb20db97e23e93a1c4a6e54bc0b13973012e04d71f4b3efd3e5e1ba691fb0d86a6fbd758446ceab7827be9cb790998d432ed4150d6ddbfdf17b7f8314386e13
Score

10^/10

njrat nyan cat persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan catpersistencetrojan

behavioral2

njratnyan catpersistencetrojan