njrat | 80cc399540ed18faa7019f09dd2ac663689fa8ea246209309e9051b5b04110d5 | Triage

Sharing

General

Target

squadw.vbs
Size

825B
Sample

211007-z8dsssdbcm
MD5

fe6492eed50dc9d3d807b03aae535d79
SHA1

bff235e3d137717701b0095eee41582ca7e39c0a
SHA256

80cc399540ed18faa7019f09dd2ac663689fa8ea246209309e9051b5b04110d5
SHA512

31773f3f1839282f0715bb0a2a9ec5da4e3899608fede4546eca8438a479663315d1c5edb66c0bf25f533f061357eaca40018ee85cfb353f967f56dbc27645d8

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

hermes2021.duckdns.org:4433

Mutex

5042310807584f1a993

Attributes

reg_key
5042310807584f1a993
splitter
@!#&^%$

Targets

- Target
  
  squadw.vbs
- Size
  
  825B
- MD5
  
  fe6492eed50dc9d3d807b03aae535d79
- SHA1
  
  bff235e3d137717701b0095eee41582ca7e39c0a
- SHA256
  
  80cc399540ed18faa7019f09dd2ac663689fa8ea246209309e9051b5b04110d5
- SHA512
  
  31773f3f1839282f0715bb0a2a9ec5da4e3899608fede4546eca8438a479663315d1c5edb66c0bf25f533f061357eaca40018ee85cfb353f967f56dbc27645d8
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan