njrat | 623027463a2ef70f60ff6a0991019847a3fb24da3b633b52da4a99a77c99f92b | Triage

Submit
Reports

Overview

overview

Static

static

Comprovant...a.ppam

windows7_x64

Comprovant...a.ppam

windows10_x64

Sharing

General

Target

ComprovanteXdeXreserva.ppam
Size

20KB
Sample

220110-e8th2adha8
MD5

fd0d3e25d88b5c318f4dc543a7770f22
SHA1

94572d313222700a565f2ff161223bb28464636c
SHA256

623027463a2ef70f60ff6a0991019847a3fb24da3b633b52da4a99a77c99f92b
SHA512

48936b4677c10a8466cbaa631a9cbc8ce2b0d995b427fd56c894d98d42abc834bbaeb397401ff131b94f93f05978c8496cf9beaad2f059d8bd04511b40e2e9d8

Score

10^/10

njrat nyan cat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ComprovanteXdeXreserva.ppam

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ComprovanteXdeXreserva.ppam

Resource

win10-en-20211208

njrat nyan cat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

fidapeste2.duckdns.org:5552

Mutex

94b3fabc19494c

Attributes

reg_key
94b3fabc19494c
splitter
@!#&^%$

Targets

- Target
  
  ComprovanteXdeXreserva.ppam
- Size
  
  20KB
- MD5
  
  fd0d3e25d88b5c318f4dc543a7770f22
- SHA1
  
  94572d313222700a565f2ff161223bb28464636c
- SHA256
  
  623027463a2ef70f60ff6a0991019847a3fb24da3b633b52da4a99a77c99f92b
- SHA512
  
  48936b4677c10a8466cbaa631a9cbc8ce2b0d995b427fd56c894d98d42abc834bbaeb397401ff131b94f93f05978c8496cf9beaad2f059d8bd04511b40e2e9d8
Score

10^/10

njrat nyan cat trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan

© 2018-2024

Terms | Privacy