njrat | bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a

General

Target

bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
Size

1KB
Sample

220707-yl7xpahgdl
MD5

dcf70880bd956403ff860a161f46d006
SHA1

bc58522fa1b0f28e512c16b5759b1f706a9c79f5
SHA256

bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
SHA512

b7cb8d9fd28afa6195ba34f0aa3142aa4c7a085d1a36677138fd70a25d6dd180656b8edc4642e15a3edb2ac816a86832bc91835f83ca6b391ffbd3c2db4f5f82

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cdn.discordapp.com/attachments/749769178239467520/795351734603350066/3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

xbbu.myq-see.com:4444

Mutex

0c030688cdfe4e

Attributes

reg_key
0c030688cdfe4e
splitter
@!#&^%$

Targets

- Target
  
  bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
- Size
  
  1KB
- MD5
  
  dcf70880bd956403ff860a161f46d006
- SHA1
  
  bc58522fa1b0f28e512c16b5759b1f706a9c79f5
- SHA256
  
  bf0ddee14b9717013195a230012ba8cfae6211da6cfdcfc6abc99578a0b61e9a
- SHA512
  
  b7cb8d9fd28afa6195ba34f0aa3142aa4c7a085d1a36677138fd70a25d6dd180656b8edc4642e15a3edb2ac816a86832bc91835f83ca6b391ffbd3c2db4f5f82
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2