njrat | 6056a53abbf934f271cf7427e2a3ec32089f03a0601546d03ebc25c0207784dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78f0e585595684b0391b0808bd62a1c8.uu
Size

3KB
Sample

241218-vx4gvsxkdm
MD5

78f0e585595684b0391b0808bd62a1c8
SHA1

6b443237218a347cdd620b777415e4af0cc0ce10
SHA256

6056a53abbf934f271cf7427e2a3ec32089f03a0601546d03ebc25c0207784dd
SHA512

db1702d6427124b698322d167ea92d380177e759808250ba4941bd71688a81ea6932f57d1ad64c81694726204f7ffaaef4e4f3155573fc380cac02c610382dc0

Score

10^/10

njrat nyan cat discovery execution trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/pHPmwBp6

exe.dropper

https://pastebin.com/raw/pHPmwBp6

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

carlitosmoreno1794.duckdns.org:2019

Mutex

bde06c84e1de4b23b

Attributes

reg_key
bde06c84e1de4b23b
splitter
@!#&^%$

Targets

- Target
  
  NOTIFICACION_DEMANDA#171220241132000000.vbs
- Size
  
  4.4MB
- MD5
  
  9e4789f5e93baddfbb0a0d9d995179d0
- SHA1
  
  6428dce88b1ff117f406ee0b5b3e438f86572f04
- SHA256
  
  072fff870e4f1ac444693546de130e7f690085074c30486d067a027da603b700
- SHA512
  
  212b8cfdd8b14e8252080bb287c23c360ccaf546b5040d51c5b1573a88df61aa1c4092d850a370d623c648a68661431289c1bddaf6c42a37ceea3d01ab759edc
- SSDEEP
  
  384:glklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlklUlkR:1bCOMw
Score

10^/10

execution njrat nyan cat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan catdiscoveryexecutiontrojan