njrat | d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2 | Triage

Sharing

General

Target

AVISO_E_INFORMACION_DETALLADA_FECHA_HORA_Y_LUGAR_DE_LA_PRESENTACION.vbs
Size

132KB
Sample

220117-zb8xnscgej
MD5

86ed2da2a6fe73f34d92e63da55d9439
SHA1

02823118771ac1496b8a73bd15ed0a02c388ce6f
SHA256

d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
SHA512

cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee

Score

10^/10

njrat nyan cat suricata trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

david123456.duckdns.org:9000

Mutex

51b8ebc01cec4e

Attributes

reg_key
51b8ebc01cec4e
splitter
@!#&^%$

Targets

- Target
  
  AVISO_E_INFORMACION_DETALLADA_FECHA_HORA_Y_LUGAR_DE_LA_PRESENTACION.vbs
- Size
  
  132KB
- MD5
  
  86ed2da2a6fe73f34d92e63da55d9439
- SHA1
  
  02823118771ac1496b8a73bd15ed0a02c388ce6f
- SHA256
  
  d7e72572160952121642ef404a994172e8997012282d3a0aebf9afc881748bb2
- SHA512
  
  cd4b7aba61fa5107af11cf6a1fea55003759ae91bca949ed411597c2a1ad6380ac6bda3d66d996dd5876d9dd9f278180f463b2c9025874b05e67b71f017797ee
Score

10^/10

njrat nyan cat suricata trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratnyan catsuricatatrojan