General

  • Target

    a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc

  • Size

    318KB

  • Sample

    220524-2hkvjaecep

  • MD5

    240ff486d71240a760a2d103c2e0c8ca

  • SHA1

    10b3ae157cb93eec73efa74a0f96bdab566c3d95

  • SHA256

    a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc

  • SHA512

    7ae62e284843785ff8fbc22dd07d9981ed9d4fd26089c93ba98ba80e9f9a3f28de88c6a8a21ca5776cce321d4f83dd3bb7ff46fb74b2df2c4e2f8834734f13be

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

capurgol20.duckdns.org:2054

Mutex

58057853830242c2a

Attributes

  • reg_key

    58057853830242c2a

  • splitter

    @!#&^%$

Targets

    • Target

      a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks