General

  • Target

    manage.ps1

  • Size

    281KB

  • Sample

    220628-mkdfxaafa7

  • MD5

    311432bc9c13e05bad3b599af74b2848

  • SHA1

    07b7c51523252a26bdc66735081f05eec9666aa5

  • SHA256

    923d2ed3c797b3ea08ca1109541289e27b45a1fa766b0776d2d8b2149ae01c0c

  • SHA512

    614b860c7a28c5556577820b1ea69091d1ee08191325826b8f3fea78d511167802cf884395920c07270859f5f09a295328089ebfe8778735ff5c3b7006ac0a4b

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    archive.soundcast.me:306

  • Mutex

    08654bc196a14b17a33

Attributes
  • reg_key

    08654bc196a14b17a33

  • splitter

    3Looossch

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Suspicious use of SetThreadContext
