General

  • Target

    6a6b2af0716cb8308dddae55dd325253.bin

  • Size

    1.4MB

  • Sample

    220628-fvj8wafcdn

  • MD5

    6a6b2af0716cb8308dddae55dd325253

  • SHA1

    691556a82280d270bd0f763f1213b43c6c4c0b6d

  • SHA256

    2cb6acd25b8d00468dd89658dc948836f92000e031085b6b3c798eb1504157df

  • SHA512

    e517c7070e4c20eb16acc1dfa98c016a01a9fc66b1944c30e5270d3e616770804553140ff5b3b35c49c659b39e59cf999dc8fa5c00e9520bd57e6c9872d83f11

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    4Mekey.myftp.biz:2411

  • Mutex

    18951a269d7

  • Attributes

    • reg_key

      18951a269d7

    • splitter

      @!#&^%$

Targets

    • UAC bypass

    • Windows security bypass

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks