df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576

General

Target: df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
Size: 13KB
Sample: 210916-kn35mafdep
Score: 10/10
MD5: 354b2d0793453d6be6e92cb740f170e4
SHA1: 9061310c8d87029de3088a95f22c28614d1c916f
SHA256: df841db0f1f8f968ec6fc8c0d8bbd618bbacdcd7bf8146ad0267371884071576
SHA512: dd74a5ff1a704104313b71ee83710896eff4e3d38ced07c68593025eae1ed13da6b44cbc635b9dbee384dd22ae7d18d16f89371b79466b33645fe3cadf27ed35

Malware Config

Extracted

Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: 107.167.244.67:18971
Attributes:
  reg_key: 4a178b198a1a4260aad
  splitter: @!#&^%$
Targets
Signatures

  • njRAT/Bladabindi
    Description: Widely used RAT written in .NET.

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

  • Downloads MZ/PE file

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext
