Resubmissions

05-02-2024 03:51

240205-ee111sbgfm 10

05-02-2024 01:15

240205-bmdznshbfk 10

General

  • Target

    3483079188b9a730fc255ac4d8c51f07.bin

  • Size

    90KB

  • Sample

    240205-bmdznshbfk

  • MD5

    9d09ae0c207297e172ca76d1c01abfbe

  • SHA1

    b21284b69fabf874b335db2d92b9f0c3909483a1

  • SHA256

    fbcabedebc3e2e5ebf0cc4023ac24c87a8ca8fc1bd818dd2e9e356de207bb04c

  • SHA512

    340a7760b73a5adb06dcc68307b6abaf7782827e33eaba409ee45da91627db9de1617a490d71ede735d3484db0249770b67513899a92d77b7e75b2d82f1623c4

  • SSDEEP

    1536:7Xkm/J6f/JPG/Ge7t7JeJFVReXRxN3gxePAs5sFanYVAvGFg1QvyfGyl1HET:7Xka6fNGOm7iFV0Rz3g4BnYVAeFHIGy+

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

vinijr27.duckdns.org:3030

Mutex

a4729d8cd4374

Attributes
  • reg_key

    a4729d8cd4374

  • splitter

    @!#&^%$

Targets

    • Target

      f1400947f65c4f4b6770ca97877b7e6bbfc97deef656e20a064e542e2cd31d79.exe

    • Size

      189KB

    • MD5

      3483079188b9a730fc255ac4d8c51f07

    • SHA1

      f0ba23547b985524284b34993e6f650cf3fe48f7

    • SHA256

      f1400947f65c4f4b6770ca97877b7e6bbfc97deef656e20a064e542e2cd31d79

    • SHA512

      81b0e4ca7059ae7c08e26d105c3a7a5911f509723b43318e485828cce6bcfd663220a470dafe4085689707ee2dd86036bb4f9043b0d3b53c77b9dd7fd80ffa75

    • SSDEEP

      3072:xBfsGpcW25Gp+VIVnZM0NLsqHjHVcid1gOoVHFxq2YEOnB+llUhckPDfG:LsGckEKnZbDHVPgRUEOB+YJPzG

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
