General

  • Target

    33cf888e20e24beacab4a8295dcc9b1a_JaffaCakes118

  • Size

    3.0MB

  • Sample

    241011-hyn3ca1dlc

  • MD5

    33cf888e20e24beacab4a8295dcc9b1a

  • SHA1

    5c026fe53c0a76be1bea6fdf8f58bb8904da6283

  • SHA256

    ed020394665750560df47c9a97b03958dc0d2f92422781d25ffd63ac91e3c7d9

  • SHA512

    3751dff286646f4e2539f5f6c9f78aa67d7ac944047097069271ff5f741ea728c9fcb57b1c8cc519ff549c338f52ad32d4991b104668174fdd4e4f2fb07105af

  • SSDEEP

    49152:Ru56uHbvjoCUHgmxtLnLDG7V9CjzUK3PHl6uofkkOW8NnatiauotsY:RwxTjkgmxtL3qC53PMk5naQaF

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

milla.publicvm.com:5050

Mutex

30b01a7462534b

Attributes
  • reg_key

    30b01a7462534b

  • splitter

    @!#&^%$

Targets

    • Target

      33cf888e20e24beacab4a8295dcc9b1a_JaffaCakes118

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Legitimate hosting services abused for malware hosting/C2
