njrat | f105cb3485a82fd898764b344111e763c5d017fbda2d90a5d58fe6363cc8ec13 | Triage

Sharing

General

Target

f21b29771505e7f9259f5efa6f6ebf9c_JaffaCakes118
Size

1.3MB
Sample

240415-2r256scd9v
MD5

f21b29771505e7f9259f5efa6f6ebf9c
SHA1

d5ccd855ec03fb5e841e4bf34a0999a2b64687e8
SHA256

f105cb3485a82fd898764b344111e763c5d017fbda2d90a5d58fe6363cc8ec13
SHA512

6b9df94ac54e8b5ad661e80751bf75b9ca8a452e5320c33ba27e87d8dcef6a0c6b6cff0df7fad532e9c10bd755334c8ddb4268557e094a6d9f82c16c0e0fbcaf
SSDEEP

24576:Axxxxxxxxxxxxxxxxxxtx712xxxxxxxxxhVbaGq:Axxxxxxxxxxxxxxxxxxtx7Uxxxxxxxxs

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

milla.publicvm.com:5050

Mutex

affbaafe724f4591

Attributes

reg_key
affbaafe724f4591
splitter
@!#&^%$

Targets

- Target
  
  f21b29771505e7f9259f5efa6f6ebf9c_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f21b29771505e7f9259f5efa6f6ebf9c
- SHA1
  
  d5ccd855ec03fb5e841e4bf34a0999a2b64687e8
- SHA256
  
  f105cb3485a82fd898764b344111e763c5d017fbda2d90a5d58fe6363cc8ec13
- SHA512
  
  6b9df94ac54e8b5ad661e80751bf75b9ca8a452e5320c33ba27e87d8dcef6a0c6b6cff0df7fad532e9c10bd755334c8ddb4268557e094a6d9f82c16c0e0fbcaf
- SSDEEP
  
  24576:Axxxxxxxxxxxxxxxxxxtx712xxxxxxxxxhVbaGq:Axxxxxxxxxxxxxxxxxxtx7Uxxxxxxxxs
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan cattrojan

behavioral2

njratnyan cattrojan