njrat | bc07c50c0b92825bf9436f7a6816bd86c54f827c00c87304b63ff67ee05e695d

Resubmissions

10/10/2022, 20:23

221010-y6fc6sdcdk 10

04/10/2022, 21:00

221004-ztcl7aced4 8

Sharing

Copy URL Twitter E-mail

General

Target

0f35bfed5b1817310378a5df58ca5fcd
Size

84KB
Sample

221010-y6fc6sdcdk
MD5

0f35bfed5b1817310378a5df58ca5fcd
SHA1

3062b699b4944f3e70ee80127fe760a68fb3f453
SHA256

bc07c50c0b92825bf9436f7a6816bd86c54f827c00c87304b63ff67ee05e695d
SHA512

c14007ae998ac0bfa7816f314e0c42919c820651e327eb67f6c182e2bd2b0aa2fdef64d6b7f7f51471e6f4903a4e632d354bed5a49ad5f411801857abfc3e9c0
SSDEEP

48:4sLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLG:tiJZ

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://tinyurl.com/2erph6cs

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

dnsproxi2022.duckdns.org:1986

Mutex

6beb218c1e6044f785a

Attributes

reg_key
6beb218c1e6044f785a
splitter
@!#&^%$

Targets

- Target
  
  0f35bfed5b1817310378a5df58ca5fcd
- Size
  
  84KB
- MD5
  
  0f35bfed5b1817310378a5df58ca5fcd
- SHA1
  
  3062b699b4944f3e70ee80127fe760a68fb3f453
- SHA256
  
  bc07c50c0b92825bf9436f7a6816bd86c54f827c00c87304b63ff67ee05e695d
- SHA512
  
  c14007ae998ac0bfa7816f314e0c42919c820651e327eb67f6c182e2bd2b0aa2fdef64d6b7f7f51471e6f4903a4e632d354bed5a49ad5f411801857abfc3e9c0
- SSDEEP
  
  48:4sLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLG:tiJZ
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Blocklisted process makes network request

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2