avellaneda.bin.zip

General
Target

avellaneda.bin.zip

Size

359KB

Sample

210915-nmvnmsdffk

Score
10/10
MD5

efe2963235d10e8960a6d13ede270d19

SHA1

1af35c064cfd64f00debcd99b1cf3fe1b0ec157e

SHA256

aca870441f1fc5e5b54d151bdc762af81ef4ab21cf63845a29b205d57c99c533

SHA512

547d6c2c655cad80b4ed41ab09951b5b5eb6f9c8ea223b6ba968662e115b1f913829ee7551d2b63ca60ef40a4d65ae663a7b0509cb33ba31c65ac1d846688688

Malware Config

Extracted

Family njrat
Version 0.7NC
Botnet NYAN CAT
C2

reald27.duckdns.org:3525

Attributes
reg_key f45dd4eb26
splitter @!#&^%$

Targets
Target

avellaneda.bin

MD5

0bb825d7755c400a76fd8512f6baab38

Filesize

420KB

Score
10/10
SHA1

278d3e2ca71d1b8f1e3b521e8885ae13e25d84da

SHA256

2543435084f6e995500f8e9f12312db2da5241029f78418a5308524e295443d9

SHA512

60bd692b834dd5280c93894adcfacde0d11cd0b7ae893a6b5a64cba704a13a0845f65bd322384d19e9eebf6a673a0565308f88769cc99eec4292c0ff2b980e34

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10