njrat | 2a196da9c5e2dcf30d7eb90464a4296bc1f0046958836157c07ab4782e5af108 | Triage

Sharing

General

Target

9fb660eca8d9ed1038a8cffc032e59bb.vbs
Size

151KB
Sample

211217-ztb1nafaar
MD5

9fb660eca8d9ed1038a8cffc032e59bb
SHA1

4aff5b55b1b499cec665f46b132856a4a300b4e9
SHA256

2a196da9c5e2dcf30d7eb90464a4296bc1f0046958836157c07ab4782e5af108
SHA512

0bcb0de54a3bdbe9d0e2be1899ab05060a7db58ae6e53aeed82a54b99f126502e0366415e590f22909aa9531c272af8287c6d5f06ece31de21156bcc2ef81790

Score

10^/10

njrat nyan cat suricata trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.241.19.49/ramdes/DownloaderF3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

revg.duckdns.org:57831

Mutex

ebef4abe57d24e8

Attributes

reg_key
ebef4abe57d24e8
splitter
@!#&^%$

Targets

- Target
  
  9fb660eca8d9ed1038a8cffc032e59bb.vbs
- Size
  
  151KB
- MD5
  
  9fb660eca8d9ed1038a8cffc032e59bb
- SHA1
  
  4aff5b55b1b499cec665f46b132856a4a300b4e9
- SHA256
  
  2a196da9c5e2dcf30d7eb90464a4296bc1f0046958836157c07ab4782e5af108
- SHA512
  
  0bcb0de54a3bdbe9d0e2be1899ab05060a7db58ae6e53aeed82a54b99f126502e0366415e590f22909aa9531c272af8287c6d5f06ece31de21156bcc2ef81790
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catsuricatatrojan