njrat | ba2680549e33524c3b96c4b2be01c47297e977fe7532034936d8baa4f6dc3104

General

Target

34ce23e0cac1eb85e253f52b87c53436
Size

256B
Sample

211202-dme8vadfg9
MD5

34ce23e0cac1eb85e253f52b87c53436
SHA1

fbc026960fc1009eae89f7506276a5e153ec58ec
SHA256

ba2680549e33524c3b96c4b2be01c47297e977fe7532034936d8baa4f6dc3104
SHA512

488b7d7cc0a3a723273f4bac17f4b45daa9c894d03af15b6c14e84d9f9b4ee3fa7d263b03fb3c12c78361a4a9d92b77a6e7a25e323b9494e937ba1ca6be92c9d

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cdn.discordapp.com/attachments/908377323814916189/915315815404953630/yuniiii.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

yuni2022.duckdns.org:2000

Mutex

4ab2234479534

Attributes

reg_key
4ab2234479534
splitter
@!#&^%$

Targets

- Target
  
  34ce23e0cac1eb85e253f52b87c53436
- Size
  
  256B
- MD5
  
  34ce23e0cac1eb85e253f52b87c53436
- SHA1
  
  fbc026960fc1009eae89f7506276a5e153ec58ec
- SHA256
  
  ba2680549e33524c3b96c4b2be01c47297e977fe7532034936d8baa4f6dc3104
- SHA512
  
  488b7d7cc0a3a723273f4bac17f4b45daa9c894d03af15b6c14e84d9f9b4ee3fa7d263b03fb3c12c78361a4a9d92b77a6e7a25e323b9494e937ba1ca6be92c9d
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2