36ab226ba7a1f5239b52c03164824781

General

Target: 36ab226ba7a1f5239b52c03164824781
Size: 19KB
Sample: 210916-2y17fshcen
Score: 10/10
MD5: 36ab226ba7a1f5239b52c03164824781
SHA1: 390343d76afc548fed43e6f4f01125608ad8774d
SHA256: 1d24583082fa73349c7c6a4d7a4782c6a87b17cc3bf4df04fb170d707017e944
SHA512: 1a2839fcd596216409b9c0585f3e55677b7465e738d77a20f2c2c83b7e49b07f99b77422e37951e7a730daf267ad71e4b05a53d144d3d3db674a4a5ffee1c687

Malware Config

Extracted

Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: 8000njsept.duckdns.org:8000
Attributes:
  reg_key: 007d79cbe435
  splitter: @!#&^%$
Targets

Target: 36ab226ba7a1f5239b52c03164824781

Signatures

  • njRAT/Bladabindi: Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10