njrat | d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2 | Triage

Submit
Reports

Overview

overview

Static

static

86ed2da2a6...39.vbs

windows7_x64

7

86ed2da2a6...39.vbs

windows10-2004_x64

Sharing

General

Target

86ed2da2a6fe73f34d92e63da55d9439
Size

132KB
Sample

220117-wlc17scacq
MD5

86ed2da2a6fe73f34d92e63da55d9439
SHA1

02823118771ac1496b8a73bd15ed0a02c388ce6f
SHA256

d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
SHA512

cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee

Score

10^/10

njrat nyan cat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

86ed2da2a6fe73f34d92e63da55d9439.vbs

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

86ed2da2a6fe73f34d92e63da55d9439.vbs

Resource

win10v2004-en-20220112

njrat nyan cat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

david123456.duckdns.org:9000

Mutex

51b8ebc01cec4e

Attributes

reg_key
51b8ebc01cec4e
splitter
@!#&^%$

Targets

- Target
  
  86ed2da2a6fe73f34d92e63da55d9439
- Size
  
  132KB
- MD5
  
  86ed2da2a6fe73f34d92e63da55d9439
- SHA1
  
  02823118771ac1496b8a73bd15ed0a02c388ce6f
- SHA256
  
  d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
- SHA512
  
  cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catsuricatatrojan

© 2018-2024

Terms | Privacy