njrat | 25c9d000b42a92daeb66f415dab93a5f6d97fe8efbd7855dc08490c93a06ce87

Sharing

Copy URL

Twitter E-mail

General

Target

ffd26fdd5b1c692dfba39bc753f8a5ec_JaffaCakes118
Size

61KB
Sample

240930-dhyjmavbmr
MD5

ffd26fdd5b1c692dfba39bc753f8a5ec
SHA1

5b6fdcc70ab9c5578d497ece5e813fc77d1cb53d
SHA256

25c9d000b42a92daeb66f415dab93a5f6d97fe8efbd7855dc08490c93a06ce87
SHA512

26009ea3ee075210abc38aad6406360982e1f77c4bae7aaef068b7cb62322696aedab557473db351b7355484d03d4fccea6f2282435e4bcc656b8c038117f59d
SSDEEP

1536:NsqY/fdy64EahR6c+AkUyakhC0j1b7HeL8FrQC7hS:+Jc64NT6+ZZgCyv+L8B7hS

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NYAN CAT

iiiimmm.myq-see.com:55554

Mutex

4fcb39e2a91345ea8d6202f07912a06e

Attributes

reg_key
4fcb39e2a91345ea8d6202f07912a06e
splitter
|'|'|

Targets

- Target
  
  cc checker.exe
- Size
  
  36KB
- MD5
  
  2bde8284cee1fa0fe32a7b815e6b386a
- SHA1
  
  8d9f12d9f97980171317fa2fc9ef5a42b50af82a
- SHA256
  
  68925c30a00e4698111dd2f8f342568d120beb13ba2442e8129cfc79f8fd08ec
- SHA512
  
  847d8739cd122c758051f1620d9212c759d6e8c03b6b9510ad9589937f82c6326c94c39b57fdd4df7780b1455f094fbcaa1769ab8c890233d9fee55deeeaef99
- SSDEEP
  
  384:cfiZ9ktDWlPWPISeq90KTqZyQiiAnuPXMmWTetT2/F1qzsEQT:cfiZaDWNwJ9MyQiiCcKT
Score

10^/10

njrat nyan cat discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  dimap.dll
- Size
  
  43KB
- MD5
  
  b61675bfae56f114ae3d4f938a9d9aea
- SHA1
  
  72e4d66e319ccabe8e1ef641b92724eba15dd3d6
- SHA256
  
  dabe2ba75bcff8eea2f0d7d086b012ad84ff49dbf6be8371b24ce69fcacc575a
- SHA512
  
  fd963378918d91aa4eb6eabadb662976f2626ae107bacaea01271b8d458f1d5e51393b116ac9c2b1c551a3fcb58c60642463e4f4ee7d67251abe5d0493a8de19
- SSDEEP
  
  768:9CpUMmwufNXBkMjtwIzShvSEl4vmA+aZe83ecxhga3OU9bpb:cXPuffkctw06aEonZe8umhgCOUzb
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  dimsntfy.dll
- Size
  
  19KB
- MD5
  
  48abb5a17b3fdaab6631224d74ddbcaf
- SHA1
  
  9ed3abb97e152569c348c64b8ffdb335515afcd1
- SHA256
  
  e5ff94dde6d202b332d431f5a495e5233520a87022932d05f82a307a78148007
- SHA512
  
  fcb1faee109537eb8d9a78333579b88d316ec49be0698932fff8a906436f09e5d9d7d59ceb78313ef1aed2797cf2789c26912c260f7183de90228d1d1cf3fa82
- SSDEEP
  
  384:VBsCe37mcOyfWrDwpn3x80oiZ1EbnAu3BS7KboWW2hXWqM:VZyegpS0Labnf8eh8
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  dimsroam.dll
- Size
  
  39KB
- MD5
  
  d992311aee759b801ac1f5e7cdcdc678
- SHA1
  
  043c7058e0c8d923912695c9f18033e8e3a174a5
- SHA256
  
  6caeeb7688a113dc4b1966e16f769dfb5fed05ba3da4d9706d365c2a4cf9db3d
- SHA512
  
  5e03d3c86f652c04e9f75e109a9c99c828124029d3dcc5c4cd00db867586a2a4ab0dfe508409859f849c07468610ceb74a0dad41f3a1ea25bd8486ebba7d3bc9
- SSDEEP
  
  768:BlthUSa2GwWbUUT8sM5K4w8ZgjZZKqsvEy9BY/5mh/JyymKoCxKVnn:vcmGwWgUT83KH8AWNvEQy/0psQrxKV
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8