Overview

overview

10

Static

static

Electronic...df.lnk

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Electronic Tickets EDC.pdf.lnk

  • Size

    2KB

  • Sample

    220104-jd5p2aaehp

  • MD5

    34bdd2618a00931b868b76fa30b0b90a

  • SHA1

    7503950b391c35b82c2903d2b6534487d1621d03

  • SHA256

    24dd2af82ba220d2f86df039b39c6fd38515d99093a3a42eb54da6af0759969c

  • SHA512

    83fa56f79b6ff9203ca9dbed3c2a6f92b38b240ae1215987a86c22302b11c47bd24a57494738e459f3c67c8390716435b9d0a0cedd41f130a2560cb1886444ac

Score
10/10
njratnyan catsuricatatrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://149.56.200.165/dll/3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

venomsi.mypsx.net:83

Mutex

e6bb431cd02

Attributes
  • reg_key

    e6bb431cd02

  • splitter

    @!#&^%$

Targets

    • Target

      Electronic Tickets EDC.pdf.lnk

    • Size

      2KB

    • MD5

      34bdd2618a00931b868b76fa30b0b90a

    • SHA1

      7503950b391c35b82c2903d2b6534487d1621d03

    • SHA256

      24dd2af82ba220d2f86df039b39c6fd38515d99093a3a42eb54da6af0759969c

    • SHA512

      83fa56f79b6ff9203ca9dbed3c2a6f92b38b240ae1215987a86c22302b11c47bd24a57494738e459f3c67c8390716435b9d0a0cedd41f130a2560cb1886444ac

    Score
    10/10
    njratnyan catsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks