Overview

overview

10

Static

static

avellaneda.bin.exe

windows7_x64

10

avellaneda.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    avellaneda.bin.zip

  • Size

    359KB

  • Sample

    210915-nmvnmsdffk

  • MD5

    efe2963235d10e8960a6d13ede270d19

  • SHA1

    1af35c064cfd64f00debcd99b1cf3fe1b0ec157e

  • SHA256

    aca870441f1fc5e5b54d151bdc762af81ef4ab21cf63845a29b205d57c99c533

  • SHA512

    547d6c2c655cad80b4ed41ab09951b5b5eb6f9c8ea223b6ba968662e115b1f913829ee7551d2b63ca60ef40a4d65ae663a7b0509cb33ba31c65ac1d846688688

Score
10/10
njratnyan cattrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

reald27.duckdns.org:3525

Mutex

f45dd4eb26

Attributes
  • reg_key

    f45dd4eb26

  • splitter

    @!#&^%$

Targets

    • Target

      avellaneda.bin

    • Size

      420KB

    • MD5

      0bb825d7755c400a76fd8512f6baab38

    • SHA1

      278d3e2ca71d1b8f1e3b521e8885ae13e25d84da

    • SHA256

      2543435084f6e995500f8e9f12312db2da5241029f78418a5308524e295443d9

    • SHA512

      60bd692b834dd5280c93894adcfacde0d11cd0b7ae893a6b5a64cba704a13a0845f65bd322384d19e9eebf6a673a0565308f88769cc99eec4292c0ff2b980e34

    Score
    10/10
    njratnyan cattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks