General

  • Target

    INFORMACION DETALLADA BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO#2023-6666958-996520-PDF (2).vbs

  • Size

    585KB

  • Sample

    230607-rhaz8abe35

  • MD5

    53e0e83caf70d19261f4083978938824

  • SHA1

    1d466f06b727736440a5808b5963e51fa22d29f4

  • SHA256

    b5ff070aa79546ee662377a44ea58f3b5d6f0c1e6a1498a983096b2b4790587e

  • SHA512

    49a489d22a731885764ef7e71373fea7e3f4c0259c63bccd774ef2f587ee91341045612e34eea44e443b765dbdcf6994343c6f81a051f92e22b8e2de1b760444

  • SSDEEP

    3072:dsG7wfkYFEhNe4VTdRnTT8w4TWq9TpoKlz/vPUjUJ2TZqs4gospW+og0S7wQzS1y:vwfkYFXsZqc

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

bogota2023.duckdns.org:1111

Mutex

cd12ab51ee7e4972bb

Attributes
  • reg_key

    cd12ab51ee7e4972bb

  • splitter

    @!#&^%$

Targets

    • Target

      INFORMACION DETALLADA BOLETA DE CITACION FISCALIA GENERAL DE LA NACION RADICADO#2023-6666958-996520-PDF (2).vbs

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
