njrat | d73a649453aa31836d525ffaa82c39ac709df90b84b1f2a16f2dc1f616bc4dea | Triage

Sharing

General

Target

IMAGENES DETALLADAS FOTO COMPARENDOS RADICADO #200022122-2023-0233256-PNG.vbs
Size

307KB
Sample

230303-h5c9esge73
MD5

5912e7f90842501c6827a55c9205b572
SHA1

206243a6cb9552e40745a2731d6d65d97b3231e1
SHA256

d73a649453aa31836d525ffaa82c39ac709df90b84b1f2a16f2dc1f616bc4dea
SHA512

7f5877a140be613b42c6b9f9ee5c96467787cfacd19e55c4343f903a8abe3bdc65749e0ffd2c19d26508ba3343de095520369ce30b9de40ce429d7cdcf2958bb
SSDEEP

768:javj9PPxu9PSmOaQLEpiAnUiK8IwajcaEuFqjLcDTcsI3ug6X:WvjVPxu9PkaKEpigIREMYvT6X

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

system88.duckdns.org:7777

Mutex

219fddecf84640c3b

Attributes

reg_key
219fddecf84640c3b
splitter
@!#&^%$

Targets

- Target
  
  IMAGENES DETALLADAS FOTO COMPARENDOS RADICADO #200022122-2023-0233256-PNG.vbs
- Size
  
  307KB
- MD5
  
  5912e7f90842501c6827a55c9205b572
- SHA1
  
  206243a6cb9552e40745a2731d6d65d97b3231e1
- SHA256
  
  d73a649453aa31836d525ffaa82c39ac709df90b84b1f2a16f2dc1f616bc4dea
- SHA512
  
  7f5877a140be613b42c6b9f9ee5c96467787cfacd19e55c4343f903a8abe3bdc65749e0ffd2c19d26508ba3343de095520369ce30b9de40ce429d7cdcf2958bb
- SSDEEP
  
  768:javj9PPxu9PSmOaQLEpiAnUiK8IwajcaEuFqjLcDTcsI3ug6X:WvjVPxu9PkaKEpigIREMYvT6X
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan