General

  • Target

    3483079188b9a730fc255ac4d8c51f07.exe

  • Size

    189KB

  • Sample

    240203-y14tksbfgp

  • MD5

    3483079188b9a730fc255ac4d8c51f07

  • SHA1

    f0ba23547b985524284b34993e6f650cf3fe48f7

  • SHA256

    f1400947f65c4f4b6770ca97877b7e6bbfc97deef656e20a064e542e2cd31d79

  • SHA512

    81b0e4ca7059ae7c08e26d105c3a7a5911f509723b43318e485828cce6bcfd663220a470dafe4085689707ee2dd86036bb4f9043b0d3b53c77b9dd7fd80ffa75

  • SSDEEP

    3072:xBfsGpcW25Gp+VIVnZM0NLsqHjHVcid1gOoVHFxq2YEOnB+llUhckPDfG:LsGckEKnZbDHVPgRUEOB+YJPzG

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

vinijr27.duckdns.org:3030

Mutex

a4729d8cd4374

Attributes
  • reg_key

    a4729d8cd4374

  • splitter

    @!#&^%$

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
