General

  • Target

    PROCESO INTERROGATORIO.exe

  • Size

    53KB

  • Sample

    220829-g5g2yaeba8

  • MD5

    c6e8b1894581251abb367d18bc4a41ff

  • SHA1

    1087cfe8d7ecb0dd3c1c9ed09b33630a727b27ed

  • SHA256

    31e39ad5dbe4e094c86e0ebafb840e927f41666a2b5ece42eee1ac791577f0f0

  • SHA512

    3f0cee3d2546f6ead46f69b4ece82b3b34c5dc0a42699de10f26e32a6e62ba07600a6920d884ce6dfa8594dd03ab2af191ff3d067fa3a7442f451c281ccd14c2

  • SSDEEP

    768:2Ql62z/5vasnjrynryD13Nlahi7bkQHrRC/PElQH:2Ql6k5vNnC4hD2cCnua

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

rfrehdfbss.duckdns.org:1881

Mutex

1f76c002c2fc4baab9

Attributes
  • reg_key

    1f76c002c2fc4baab9

  • splitter

    @!#&^%$

Targets

    • Detect PureCrypter loader

    • PureCrypter

      PureCrypter is a loader which is intended for downloading and executing additional payloads.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Suspicious use of SetThreadContext
