857aff9992a47764185c61da2493c753.exe

General
Target

857aff9992a47764185c61da2493c753.exe

Size

407KB

Sample

210915-tgtr2sahg8

Score

10/10

MD5

857aff9992a47764185c61da2493c753

SHA1

6efa34cd3fdb299fcd940c0719d3a172bac83164

SHA256

b73dc9d5947dd389cbae282955568d35ae3a38acd24983b116cdd8eb7ef67155

SHA512

fbb2a5bfb068d4f56e338dc67f4d1a171af3156de2b3d956a0a1bd9526706f370cdff16cfb136049468b3a71db4c7ce99349265d3841db7775d5389b7aab798a

Malware Config

Extracted

Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: pedrobedoya2021.duckdns.org:1980
Attributes:
  reg_key: cf13c225ff474d45b
  splitter: @!#&^%$

Targets
Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral1

10/10

behavioral2

10/10