njrat | 31219dded5259f7afccf2ff381e2abd5f13f727fec9519ef7eb6a5c7e9d81f63 | Triage

Sharing

General

Target

a0f57182eae8eee52b51ced83167862d_JaffaCakes118
Size

330KB
Sample

240612-rj642s1gqr
MD5

a0f57182eae8eee52b51ced83167862d
SHA1

d56c18224d1b98ee04000d66d014ec9ba77311fe
SHA256

31219dded5259f7afccf2ff381e2abd5f13f727fec9519ef7eb6a5c7e9d81f63
SHA512

b0fcbed430b4ae2c9c95cd213bc98fe7423b72bb975dd1458359ee9927a2e80f2a4df360a86d7324a3cb7a0829c8887f7036b0c7ccf34d7d340cca746a235920
SSDEEP

6144:uJapYtQKec6AMIABUfHlEaEw8VA5THJBA3/63t:u4YtQKjp6UfHlf8VETpBe/63t

Score

10^/10

njrat nyan cat execution trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

localhosts.anondns.net:8080

Mutex

d234306b59d14

Attributes

reg_key
d234306b59d14
splitter
@!#&^%$

Targets

- Target
  
  a0f57182eae8eee52b51ced83167862d_JaffaCakes118
- Size
  
  330KB
- MD5
  
  a0f57182eae8eee52b51ced83167862d
- SHA1
  
  d56c18224d1b98ee04000d66d014ec9ba77311fe
- SHA256
  
  31219dded5259f7afccf2ff381e2abd5f13f727fec9519ef7eb6a5c7e9d81f63
- SHA512
  
  b0fcbed430b4ae2c9c95cd213bc98fe7423b72bb975dd1458359ee9927a2e80f2a4df360a86d7324a3cb7a0829c8887f7036b0c7ccf34d7d340cca746a235920
- SSDEEP
  
  6144:uJapYtQKec6AMIABUfHlEaEw8VA5THJBA3/63t:u4YtQKjp6UfHlf8VETpBe/63t
Score

10^/10

njrat nyan cat execution trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratnyan catexecutiontrojan

behavioral2

njratnyan catexecutiontrojan