njrat | 377a1d0fa30911193d9518f8db4910397998d710047884aaae474023a0d1bf4b | Triage

Sharing

General

Target

kay.ps1
Size

355KB
Sample

240618-zc9klawdkf
MD5

953f6ad46d857b89ecdd141940b89464
SHA1

0e1a9fc3c25340edb5c51cd55e74dd5b23ab58f6
SHA256

377a1d0fa30911193d9518f8db4910397998d710047884aaae474023a0d1bf4b
SHA512

a409ab3781cd56969025b36dd3d3ad721618b9ffc7bb60a35fc94857a38461988e8c140e3ce0983ea803c16f1ed68c99021f58914d0a1ac066953a7c6eb2be0f
SSDEEP

3072:yVg8cH9dJIRNjZZ4Ir8zKaCaDv1iRRqNhEuoTWk7:EzcpIbjr9C0HqsNF

Score

10^/10

njrat nyan cat execution trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

142.202.240.47:4444

Mutex

e6049327f0d5465989

Attributes

reg_key
e6049327f0d5465989
splitter
@!#&^%$

Targets

- Target
  
  kay.ps1
- Size
  
  355KB
- MD5
  
  953f6ad46d857b89ecdd141940b89464
- SHA1
  
  0e1a9fc3c25340edb5c51cd55e74dd5b23ab58f6
- SHA256
  
  377a1d0fa30911193d9518f8db4910397998d710047884aaae474023a0d1bf4b
- SHA512
  
  a409ab3781cd56969025b36dd3d3ad721618b9ffc7bb60a35fc94857a38461988e8c140e3ce0983ea803c16f1ed68c99021f58914d0a1ac066953a7c6eb2be0f
- SSDEEP
  
  3072:yVg8cH9dJIRNjZZ4Ir8zKaCaDv1iRRqNhEuoTWk7:EzcpIbjr9C0HqsNF
Score

10^/10

njrat nyan cat execution trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratnyan catexecutiontrojan