General

  • Target

    1c00c8e24fa814e9741571c74df2f71f.exe

  • Size

    658KB

  • Sample

    230905-c3kmtsdb58

  • MD5

    1c00c8e24fa814e9741571c74df2f71f

  • SHA1

    a3affc050e39e6ec21b721474e66c1be1e5dbc15

  • SHA256

    8625ed4acd5cb983bad7b6809a517c3525497a72c6b87442e10410c0c02f723a

  • SHA512

    dc712eeccb64c607efd0bf660370a46595e4b435dd2f3f8903d791a77814ec7880e6e1cf506d1926fc147e1487194a4742cb5837c71c3097978dea525f7375ae

  • SSDEEP

    12288:qwnK1jqkCoBTYqfnA6dTvGXq8dU7wNc96hYJQq30yV:qwoqkCoxXo6Oq8dU7wxhwV30W

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    seznam.zapto.org:5050

  • Mutex

    587285a8a9a841d

  • Attributes

      • reg_key

        587285a8a9a841d

      • splitter

        @!#&^%$

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Legitimate hosting services abused for malware hosting/C2
