njrat | b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69 | Triage

Sharing

General

Target

753c707e47bce65d32be781ea1584e0b_JaffaCakes118
Size

84KB
Sample

241024-299yqsxdle
MD5

753c707e47bce65d32be781ea1584e0b
SHA1

7b43f6a910b01553dfae51560570365e3ce9ed42
SHA256

b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69
SHA512

8afc2ebbc80e17e42317202e9479e0c223456cf9f0b22ccdf9fe486eff19ebf9a33a2e00c01aa81168d4ad9950c34c8d78dc2f5821702fe61874221088d3cdda
SSDEEP

1536:2ppfa5dJy8Cgrw7rPNDwhucaDlZ5gb0HI//4gQF0eCaL:3yIwmhuDlZWbcO4/waL

Score

10^/10

njrat nyan cat discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NYAN CAT

C2

narotomagic.publicvm.com:6663

Mutex

a728eeadc9774101a351e2a5b3fe9598

Attributes

reg_key
a728eeadc9774101a351e2a5b3fe9598
splitter
|'|'|

Targets

- Target
  
  753c707e47bce65d32be781ea1584e0b_JaffaCakes118
- Size
  
  84KB
- MD5
  
  753c707e47bce65d32be781ea1584e0b
- SHA1
  
  7b43f6a910b01553dfae51560570365e3ce9ed42
- SHA256
  
  b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69
- SHA512
  
  8afc2ebbc80e17e42317202e9479e0c223456cf9f0b22ccdf9fe486eff19ebf9a33a2e00c01aa81168d4ad9950c34c8d78dc2f5821702fe61874221088d3cdda
- SSDEEP
  
  1536:2ppfa5dJy8Cgrw7rPNDwhucaDlZ5gb0HI//4gQF0eCaL:3yIwmhuDlZWbcO4/waL
Score

10^/10

njrat nyan cat discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan catdiscoverypersistencetrojan

behavioral2

njratnyan catdiscoverypersistencetrojan