General

  • Target

    c2121cc7b8b8d8f29a57d91ee3095850

  • Size

    1.3MB

  • Sample

    240312-bgswmsdf35

  • MD5

    c2121cc7b8b8d8f29a57d91ee3095850

  • SHA1

    fcae608229774cf9de89b78d29dafada24eecc79

  • SHA256

    918604f4773a9a1573024ce0f344f69184bb97a35a75da37f9f47d4fc7d4e252

  • SHA512

    df24477af5c74420bf8eab725b00498f717756e814e298b51aeed247b662f3ecc595c8c8eadaa72a320444a88088698af8b0c0f46c36ced9c1a8c87d995a3d27

  • SSDEEP

    24576:MpcLKQu3LLjfOk0TBXjAtOuF/nrfxlNRY8moRd:9jswWtOuF/rfdRRd

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

testing35123.duckdns.org:1604

Mutex

830de61871284cdea

Attributes
  • reg_key

    830de61871284cdea

  • splitter

    @!#&^%$

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
