Resubmissions

27-02-2024 13:11

240227-qezzhahf46 10

27-02-2024 13:08

240227-qc7xbshe97 10

General

  • Target

    bTN8.exe

  • Size

    32KB

  • Sample

    240227-qezzhahf46

  • MD5

    a60348b833a6d7ce48ca4e2faaac5538

  • SHA1

    feba52c5a51450a676824f8a7ee5c6561bd2dc0c

  • SHA256

    daa6e519cd8b5d39726e0c5f3c51643510ecf77c259c9d8533ea37ec9963db64

  • SHA512

    2af0d3d120c23063c121f40810fd61efa3bb8cd93546aadad2b43de74b314b4ea41ed10c88b474427f9b264f2673960b256132e7e6ae0e59d6c90c0c182aa12c

  • SSDEEP

    384:Q0bUe5XB4e0X2OJmgFS6Z/73jWTEtTUFQqz9TObbK:VT9BulxS6BFtbK

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

clarosecurity-com.duckdns.org:2054

Mutex

dd652defb16e4

Attributes
  • reg_key

    dd652defb16e4

  • splitter

    @!#&^%$

Targets

    • Target

      bTN8.exe

    • Size

      32KB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
