General

  • Target

    a670b52b8c4922d3b75d6b502193c15d.exe

  • Size

    22KB

  • Sample

    220723-lrl6ysdfa6

  • MD5

    a670b52b8c4922d3b75d6b502193c15d

  • SHA1

    ad4651567adb5bdfa4f32dd7387bd09268ec529d

  • SHA256

    ebec4606c7bbe18209b90f8a9a1871f7ad54f46841d65f169491a9620b589605

  • SHA512

    ebbba5b28f12ffa2e77b57e8836d956b629e8fce892b69130434ec090db42e15d6cbdec43042cb881c18bd7e999b3d38ff4096ed51e893983ecf28e8e2036238

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NYAN CAT

C2

2.tcp.ngrok.io:14404

Mutex

b054605e4e2143d0a896023bc3764d3e

Attributes
  • reg_key

    b054605e4e2143d0a896023bc3764d3e

  • splitter

    |'|'|

Targets

    • Target

      a670b52b8c4922d3b75d6b502193c15d.exe

    • Size

      22KB

    • MD5

      a670b52b8c4922d3b75d6b502193c15d

    • SHA1

      ad4651567adb5bdfa4f32dd7387bd09268ec529d

    • SHA256

      ebec4606c7bbe18209b90f8a9a1871f7ad54f46841d65f169491a9620b589605

    • SHA512

      ebbba5b28f12ffa2e77b57e8836d956b629e8fce892b69130434ec090db42e15d6cbdec43042cb881c18bd7e999b3d38ff4096ed51e893983ecf28e8e2036238

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks