njrat | 9877fc613035d533feda6adc6848e183bf8c8660de3a34b1acd73c75e62e2823 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9877fc613035d533feda6adc6848e183bf8c8660de3a34b1acd73c75e62e2823exe_JC.exe
Size

32KB
Sample

231008-ted9ksgc45
MD5

68ba6d9812051a668115149f195b1956
SHA1

e106690c140bbf6de3e12f5cecaae1a4da3eac21
SHA256

9877fc613035d533feda6adc6848e183bf8c8660de3a34b1acd73c75e62e2823
SHA512

f5329f2d090a124b1257bfa84a5cde028015b3f7194032a04955575d1b3664c6ec171f0676208ddeb1a8b69c2380fb78021057c13211811a924ee500129de8e1
SSDEEP

384:80bUe5XB4e0X5Ob7w0Q0mS03AWTxtTUFQqzFZObbt:pT9Bug455dnbt

Score

10^/10

njrat nyan cat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

1.tcp.sa.ngrok.io:21422

Mutex

13043955940

Attributes

reg_key
13043955940
splitter
@!#&^%$

Targets

- Target
  
  NEAS.9877fc613035d533feda6adc6848e183bf8c8660de3a34b1acd73c75e62e2823exe_JC.exe
- Size
  
  32KB
- MD5
  
  68ba6d9812051a668115149f195b1956
- SHA1
  
  e106690c140bbf6de3e12f5cecaae1a4da3eac21
- SHA256
  
  9877fc613035d533feda6adc6848e183bf8c8660de3a34b1acd73c75e62e2823
- SHA512
  
  f5329f2d090a124b1257bfa84a5cde028015b3f7194032a04955575d1b3664c6ec171f0676208ddeb1a8b69c2380fb78021057c13211811a924ee500129de8e1
- SSDEEP
  
  384:80bUe5XB4e0X5Ob7w0Q0mS03AWTxtTUFQqzFZObbt:pT9Bug455dnbt
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2