njrat | ac630699a97a8f5c8273f1531df135ae3dd88ff8bd952a5944783f044cff2871 | Triage

Sharing

General

Target

NJRATCASA22.zip
Size

3KB
Sample

220126-ktbbssbdf2
MD5

097303335d29c881dacc3e84a53bb9d8
SHA1

94df28f7a1974ef41627ed15b629b0bf96a3cc97
SHA256

ac630699a97a8f5c8273f1531df135ae3dd88ff8bd952a5944783f044cff2871
SHA512

62c6224984b54bb02083102ae8042254ffe4762bf3d1e35032ae4612fb4b2c2f7e36ddcf3b2ddb93a0383ba24ea65e7240c5d5e23714e8988ed15f8854fb3d79

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://192.99.190.34/dll/1.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

venomsi.mypsx.net:81

Mutex

4c6c9a1bbdc34e6ebe

Attributes

reg_key
4c6c9a1bbdc34e6ebe
splitter
@!#&^%$

Targets

- Target
  
  NJRATCASA22.vbs
- Size
  
  330KB
- MD5
  
  8a4f7794001fbe25ab1820e9a66db1da
- SHA1
  
  fd1e5582b21480d6d19b247fe71f96d500314038
- SHA256
  
  6cbb94dab89d523749b578de2590ad064049c0574476f553df9ffcf9d13ddf51
- SHA512
  
  dd5305d5613314d78972169320971021e9d98af6c7cc5b2cb494996fe275cea87ad9aa9cd4f0109b482e6bb45b88f1fedf557c82925c68b152c7da110a292751
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan