njrat | 887188ba86a5fbca79cf6f2338155cd48e79d23e1ada58e1c05cf666dd5f0eae | Triage

Sharing

General

Target

d15caeecd93597cd7eaeccfeeea029f3_JaffaCakes118
Size

327KB
Sample

241207-jpfv2synar
MD5

d15caeecd93597cd7eaeccfeeea029f3
SHA1

a9acaeeb1be459794c4cd3e9b6ab544314f21651
SHA256

887188ba86a5fbca79cf6f2338155cd48e79d23e1ada58e1c05cf666dd5f0eae
SHA512

2848b425aefd9806502fbbec0d6baf25fffc5bc4eeffaa9977e25eb18cc77021111c5a4b97fc01c6bde844eae5c4b98408d5ae7fa9719edb7d5825dfc4d1cd46
SSDEEP

6144:Vcd/f8fo3LL4TPH+v6SG8fE1iApjJ1MyppqlOtonBhvA+DK:1jJ15XsvA+DK

Score

10^/10

njrat nyan cat discovery execution persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

milla.publicvm.com:5050

Mutex

30b01a7462534b

Attributes

reg_key
30b01a7462534b
splitter
@!#&^%$

Targets

- Target
  
  d15caeecd93597cd7eaeccfeeea029f3_JaffaCakes118
- Size
  
  327KB
- MD5
  
  d15caeecd93597cd7eaeccfeeea029f3
- SHA1
  
  a9acaeeb1be459794c4cd3e9b6ab544314f21651
- SHA256
  
  887188ba86a5fbca79cf6f2338155cd48e79d23e1ada58e1c05cf666dd5f0eae
- SHA512
  
  2848b425aefd9806502fbbec0d6baf25fffc5bc4eeffaa9977e25eb18cc77021111c5a4b97fc01c6bde844eae5c4b98408d5ae7fa9719edb7d5825dfc4d1cd46
- SSDEEP
  
  6144:Vcd/f8fo3LL4TPH+v6SG8fE1iApjJ1MyppqlOtonBhvA+DK:1jJ15XsvA+DK
Score

10^/10

njrat nyan cat discovery execution persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratnyan catdiscoveryexecutionpersistencetrojan

behavioral2

njratnyan catdiscoveryexecutionpersistencetrojan