njrat | 946bd0343beb66996e777f0f7b83143053aa574ddaae249fae927795891a0363 | Triage

Sharing

General

Target

bc1df94edc704d4be73eb5e91c2331be.vbs
Size

151KB
Sample

211221-sdctpaefbq
MD5

bc1df94edc704d4be73eb5e91c2331be
SHA1

18d6f490b6a99d8a17df13c0bd037fd56e215d8c
SHA256

946bd0343beb66996e777f0f7b83143053aa574ddaae249fae927795891a0363
SHA512

1c6af4ec257a33e365dc43b278fbbbd4e127cfe1b89974c871425b8165b30c374707eac15deaeb7b4bb869159d9d4271951dc7ce28cf062f9c147278018b1d61

Score

10^/10

njrat nyan cat suricata trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.241.19.49/ramdes/DownloaderF3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

revg.duckdns.org:57831

Mutex

ebef4abe57d24e8

Attributes

reg_key
ebef4abe57d24e8
splitter
@!#&^%$

Targets

- Target
  
  bc1df94edc704d4be73eb5e91c2331be.vbs
- Size
  
  151KB
- MD5
  
  bc1df94edc704d4be73eb5e91c2331be
- SHA1
  
  18d6f490b6a99d8a17df13c0bd037fd56e215d8c
- SHA256
  
  946bd0343beb66996e777f0f7b83143053aa574ddaae249fae927795891a0363
- SHA512
  
  1c6af4ec257a33e365dc43b278fbbbd4e127cfe1b89974c871425b8165b30c374707eac15deaeb7b4bb869159d9d4271951dc7ce28cf062f9c147278018b1d61
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catsuricatatrojan