Overview

overview

10

Static

static

34ce23e0ca...436.js

windows7_x64

10

34ce23e0ca...436.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34ce23e0cac1eb85e253f52b87c53436

  • Size

    256B

  • Sample

    211201-v7l1kaedhn

  • MD5

    34ce23e0cac1eb85e253f52b87c53436

  • SHA1

    fbc026960fc1009eae89f7506276a5e153ec58ec

  • SHA256

    ba2680549e33524c3b96c4b2be01c47297e977fe7532034936d8baa4f6dc3104

  • SHA512

    488b7d7cc0a3a723273f4bac17f4b45daa9c894d03af15b6c14e84d9f9b4ee3fa7d263b03fb3c12c78361a4a9d92b77a6e7a25e323b9494e937ba1ca6be92c9d

Score
10/10
njratnyan catsuricatatrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://cdn.discordapp.com/attachments/908377323814916189/915315815404953630/yuniiii.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

yuni2022.duckdns.org:2000

Mutex

4ab2234479534

Attributes
  • reg_key

    4ab2234479534

  • splitter

    @!#&^%$

Targets

    • Target

      34ce23e0cac1eb85e253f52b87c53436

    • Size

      256B

    • MD5

      34ce23e0cac1eb85e253f52b87c53436

    • SHA1

      fbc026960fc1009eae89f7506276a5e153ec58ec

    • SHA256

      ba2680549e33524c3b96c4b2be01c47297e977fe7532034936d8baa4f6dc3104

    • SHA512

      488b7d7cc0a3a723273f4bac17f4b45daa9c894d03af15b6c14e84d9f9b4ee3fa7d263b03fb3c12c78361a4a9d92b77a6e7a25e323b9494e937ba1ca6be92c9d

    Score
    10/10
    njratnyan catsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks