njrat | d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2 | Triage

Sharing

General

Target

AVISO_E_INFORMACION_DETALLADA_FECHA_HORA_Y_LUGAR_DE_LA_PRESENTACION.vbs
Size

132KB
Sample

220117-zb8xnscgej
MD5

86ed2da2a6fe73f34d92e63da55d9439
SHA1

02823118771ac1496b8a73bd15ed0a02c388ce6f
SHA256

d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
SHA512

cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee

Score

10^/10

njrat nyan cat suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

david123456.duckdns.org:9000

Mutex

51b8ebc01cec4e

Attributes

reg_key
51b8ebc01cec4e
splitter
@!#&^%$

Targets

- Target
  
  AVISO_E_INFORMACION_DETALLADA_FECHA_HORA_Y_LUGAR_DE_LA_PRESENTACION.vbs
- Size
  
  132KB
- MD5
  
  86ed2da2a6fe73f34d92e63da55d9439
- SHA1
  
  02823118771ac1496b8a73bd15ed0a02c388ce6f
- SHA256
  
  d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
- SHA512
  
  cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan catsuricatatrojan