njrat | 3f15c83a041604541d777c6837797d4b28196f3a6926375324a2dbfb993823c0 | Triage

Sharing

General

Target

sostener.vbs
Size

1.6MB
Sample

240924-e5ekpstbmk
MD5

8476643328f5fd81e1144a3f9b340a7f
SHA1

2b07f0425c5ac7a7b8ac33f903780d740769e92f
SHA256

3f15c83a041604541d777c6837797d4b28196f3a6926375324a2dbfb993823c0
SHA512

abd50137cea3607d8535eef8cda4f20e0cfa77c533468b48c7af443bbcc13a0f60e5813c08919eeb2786f4634e7bbec8013f0fb8057424e9e4659abafd2a046b
SSDEEP

192:9PmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPI:V2GsBchF2lK

Score

10^/10

njrat nyan cat discovery execution trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://pastebin.com/raw/V9y5Q5vv

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

michael2009nj.duckdns.org:2828

Mutex

bf4e531b630e4de6ab2

Attributes

reg_key
bf4e531b630e4de6ab2
splitter
@!#&^%$

Targets

- Target
  
  sostener.vbs
- Size
  
  1.6MB
- MD5
  
  8476643328f5fd81e1144a3f9b340a7f
- SHA1
  
  2b07f0425c5ac7a7b8ac33f903780d740769e92f
- SHA256
  
  3f15c83a041604541d777c6837797d4b28196f3a6926375324a2dbfb993823c0
- SHA512
  
  abd50137cea3607d8535eef8cda4f20e0cfa77c533468b48c7af443bbcc13a0f60e5813c08919eeb2786f4634e7bbec8013f0fb8057424e9e4659abafd2a046b
- SSDEEP
  
  192:9PmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPmPPPPPPGPmPPPPI:V2GsBchF2lK
Score

10^/10

execution njrat nyan cat discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catdiscoveryexecutiontrojan