679b6a7d4464b113500d1492a3721f7e36583e171981e0cdb3c58932040e74e3

General
Target

679b6a7d4464b113500d1492a3721f7e36583e171981e0cdb3c58932040e74e3

Size

316KB

Sample

210914-jjgkdsaccr

Score
10/10
MD5

af34e9e13f317ec8af540c876afe8885

SHA1

70f8e2f6faf55c20f6276ec86075036c18365eee

SHA256

679b6a7d4464b113500d1492a3721f7e36583e171981e0cdb3c58932040e74e3

SHA512

a38f431ae969b4801b754406d7d341091b76d4df8c46789182b22f71bf9497beb094c9c500b8ee61217cbf29cf67db0b5719ce43c08fca8701fa526201307af6

Malware Config

Extracted

Family njrat
Version 0.7NC
Botnet NYAN CAT
C2

192.168.0.108:5000

Attributes
reg_key
c6af998e91fd48a6a
splitter
@!#&^%$
Targets
Target

679b6a7d4464b113500d1492a3721f7e36583e171981e0cdb3c58932040e74e3

Signatures

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10