2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe

General
Target

2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe

Size

6MB

Sample

220517-qce7baehcp

Score
10 /10
MD5

5f9e61796a21e65f9a03f92ee6a8f6d8

SHA1

d6032fd04db0fbb6195b6e8d31491a3fc289f1ce

SHA256

2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba

SHA512

402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb

Malware Config

Extracted

Language ps1
Deobfuscated
URLs
ps1.dropper

http://supportnimbuzz.hexat.com/3/Att.jpg

Extracted

Family njrat
Version 0.7NC
Botnet NYAN CAT
C2

ameen.myftp.biz:7788

Attributes
reg_key
76420c32f4f
splitter
@!#&^%$
Targets
Target

2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe

MD5

5f9e61796a21e65f9a03f92ee6a8f6d8

Filesize

6MB

Score
10/10
SHA1

d6032fd04db0fbb6195b6e8d31491a3fc289f1ce

SHA256

2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba

SHA512

402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Description

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Tags

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        8/10

                        behavioral1

                        10/10