njrat | fffd645e0ed3e653627764842ea17cb464bae80ef48ddb3dbe54d1eddf6b1bb9 | Triage

Sharing

General

Target

Aviso_importante_para_dar_mejor_aclaración_del_cobro_jurídico_ver.vbs
Size

151KB
Sample

220104-v6911ahffk
MD5

375043101c2b371e5db90b0abdb0379d
SHA1

8ca125b715a2f166ae8d24c87264f9beb4ddda6b
SHA256

fffd645e0ed3e653627764842ea17cb464bae80ef48ddb3dbe54d1eddf6b1bb9
SHA512

582ad71b82c9fd666a5c26738264aded5d226e1a2417f30e55f4b258c3c111caf18b15dcf9d0ffb48c1fa96a996a845cd9e64357925b0f29939252085d6ff416

Score

10^/10

njrat nyan cat suricata trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.241.19.49/ramdes/DownloaderF3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

revg.duckdns.org:57831

Mutex

ebef4abe57d24e8

Attributes

reg_key
ebef4abe57d24e8
splitter
@!#&^%$

Targets

- Target
  
  Aviso_importante_para_dar_mejor_aclaración_del_cobro_jurídico_ver.vbs
- Size
  
  151KB
- MD5
  
  375043101c2b371e5db90b0abdb0379d
- SHA1
  
  8ca125b715a2f166ae8d24c87264f9beb4ddda6b
- SHA256
  
  fffd645e0ed3e653627764842ea17cb464bae80ef48ddb3dbe54d1eddf6b1bb9
- SHA512
  
  582ad71b82c9fd666a5c26738264aded5d226e1a2417f30e55f4b258c3c111caf18b15dcf9d0ffb48c1fa96a996a845cd9e64357925b0f29939252085d6ff416
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catsuricatatrojan