njrat | 15d5605f08420bd6b2ed02d9e08885e442c3f3e0bd4423b2ca7450f593799963 | Triage

Sharing

General

Target

xs6Wrp6hsMa5.exe
Size

32KB
Sample

230131-ttetnaha66
MD5

9bb347432d6e8b9547423d3669480fea
SHA1

7fce085a31c86c3fadd50c4112de8a29ce6f56d3
SHA256

15d5605f08420bd6b2ed02d9e08885e442c3f3e0bd4423b2ca7450f593799963
SHA512

ba9bffb9b02941e464df8f4516067f18de769e56d1cfcce16e7c067b7bc07567a7e18ab3e22ebe5c3b662eeafbd71d2e9a01a17f2d6bb373a8a4b75842e88384
SSDEEP

384:I0bUe5XB4e0XmOntlXCpF7r/HWTztTUFQqzFfObbT:9T9Bu1tlQQ1bT

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

nuevosecua.duckdns.org:2054

127.0.0.1:5552

Mutex

6adca2f50d464

Attributes

reg_key
6adca2f50d464
splitter
@!#&^%$

Targets

- Target
  
  xs6Wrp6hsMa5.exe
- Size
  
  32KB
- MD5
  
  9bb347432d6e8b9547423d3669480fea
- SHA1
  
  7fce085a31c86c3fadd50c4112de8a29ce6f56d3
- SHA256
  
  15d5605f08420bd6b2ed02d9e08885e442c3f3e0bd4423b2ca7450f593799963
- SHA512
  
  ba9bffb9b02941e464df8f4516067f18de769e56d1cfcce16e7c067b7bc07567a7e18ab3e22ebe5c3b662eeafbd71d2e9a01a17f2d6bb373a8a4b75842e88384
- SSDEEP
  
  384:I0bUe5XB4e0XmOntlXCpF7r/HWTztTUFQqzFfObbT:9T9Bu1tlQQ1bT
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan cattrojan

behavioral2

njratnyan cattrojan