General

  • Target

    bDwa.exe

  • Size

    32KB

  • Sample

    220713-1bwg1sbbbj

  • MD5

    bf9ad1e1abe52e5430f928361959c8bc

  • SHA1

    8aecc718b82defe1760162f01352c4acd00bf452

  • SHA256

    87e4207c28bee760b4016fc3887fb8fb12a3985d7f491573887c55acff43cbc8

  • SHA512

    5c3513f8cb575df368bdade0a13a9e63204710c5d79f0ef725131e92cfee6a582a6ddb074be8bb301376e4a90c6fdaabef622c4e9e1666d98029131de9d54b61

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    NYAN CAT

  • C2

    mojang.hopto.org:4444

  • Mutex

    3626e608483d42779097c5533d03bb66

Attributes
  • reg_key

    3626e608483d42779097c5533d03bb66

  • splitter

    |'|'|

Targets

    • Target

      bDwa.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
