General

  • Target: a7e5ba6eb88830abc5baa063d667d36a786cd9c845b6d3536aa2c5405332e74b.exe
  • Size: 2.0MB
  • Sample: 230605-wd3xnahh98
  • MD5: 4a9efd5ecea388e5ce1d20b75060874b
  • SHA1: 5cd3796b22f4c126df395f4fbb4285a3997ec345
  • SHA256: a7e5ba6eb88830abc5baa063d667d36a786cd9c845b6d3536aa2c5405332e74b
  • SHA512: 08186d35b539c1984384de0bcf36faf510b997a39f06661c9de573843357dcffbb6c7f750e578f30570dadc3fde2166ee0f1b11e1bcf883d4bef197409c6c006
  • SSDEEP: 3072:OgdUd3vlTmL/A5nzbYHnzVO9qtD2jW+/5LUa:adfiAxbYHnz5ay+/5L

Score
10/10

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7NC
  • Botnet: NYAN CAT
  • C2: juancaf4000.duckdns.org:5050
  • Mutex: 2925ee0393c24d569
  • Attributes
    • reg_key: 2925ee0393c24d569
    • splitter: @!#&^%$

Targets

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution
  • Scripting (T1064): 1
  • Scheduled Task (T1053): 1

Persistence
  • Scheduled Task (T1053): 1

Privilege Escalation
  • Scheduled Task (T1053): 1

Defense Evasion
  • Scripting (T1064): 1

Discovery
  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 2

Tasks