General

  • Target

    CEB4D88A90FF332D4EA6DA16ABAF1E04B6296D8618C1F.exe

  • Size

    170KB

  • Sample

    210909-krpfmsfgg9

  • MD5

    75b89ea1408de6fdd7429944f8fdbb5e

  • SHA1

    1250d433355aa6d7ce189ea5fe4a9d08df179f18

  • SHA256

    ceb4d88a90ff332d4ea6da16abaf1e04b6296d8618c1f280696acb57cb7bbc68

  • SHA512

    8682bab985ae84c3482328b5e9cb8a60c902e432a9e1ebb58fafd70e31ed0d01303f3dc64c3b6b2b6a8cdce7c9876d18fff133f75844582650177f6be809bf45

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

CUCUTAA

C2

noviembre1.duckdns.org:3030

Mutex

Client.exe

Attributes

  • reg_key

    Client.exe

  • splitter

    lolo

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique        Count  ID
  Execution             Scheduled Task   1      T1053
  Persistence           Scheduled Task   1      T1053
  Privilege Escalation  Scheduled Task   1      T1053
