Overview

overview

10

Static

static

6d436e60c2...63.exe

windows7_x64

10

6d436e60c2...63.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d436e60c2fb29da147c14256bddd963

  • Size

    208KB

  • Sample

    211020-ra17faaadr

  • MD5

    6d436e60c2fb29da147c14256bddd963

  • SHA1

    196830c4cee77e799789001c65b866ef7755e250

  • SHA256

    9fad723dade78cd386645103e1683620b5d1f03b17ae358bdb176c61c3a641fe

  • SHA512

    3c0200f49aa036c1e148da156bf9e21b3c071c51e7624d5774da6a51bde46e7cf15af0dc1d1c599b7c76619833165f60aa44edb110ccc058aa1b62dce2f33e9c

Score
10/10
njratnyan catsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

titopeo1.duckdns.org:9780

Mutex

42fbf86d0d6541e3b

Attributes
  • reg_key

    42fbf86d0d6541e3b

  • splitter

    @!#&^%$

Targets

    • Target

      6d436e60c2fb29da147c14256bddd963

    • Size

      208KB

    • MD5

      6d436e60c2fb29da147c14256bddd963

    • SHA1

      196830c4cee77e799789001c65b866ef7755e250

    • SHA256

      9fad723dade78cd386645103e1683620b5d1f03b17ae358bdb176c61c3a641fe

    • SHA512

      3c0200f49aa036c1e148da156bf9e21b3c071c51e7624d5774da6a51bde46e7cf15af0dc1d1c599b7c76619833165f60aa44edb110ccc058aa1b62dce2f33e9c

    Score
    10/10
    njratnyan catsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks