General

  • Target

    https://dianreacaudosimpuestosnacionales.downloaden24.de

  • Sample

    230724-q2pr2sdh64

Score
10/10

Malware Config

Extracted

Family: njrat

Version: 0.7NC

Botnet: NYAN CAT

C2: todosnj4343.duckdns.org:4343

Mutex: 91870a25e1f

Attributes
  • reg_key

    91870a25e1f

  • splitter

    @!#&^%$

Targets

    • Target

      https://dianreacaudosimpuestosnacionales.downloaden24.de

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
