General
Target: 3741cd153a6d0379430136021b3624509f9328c702111665c6f225aa22b5adf2
Size: 1.1MB
Sample: 210830-38c9wqz1ca
MD5: 7fae9a368a911e86a7e7fb0ca0d30119
SHA1: 0874a642db0811a6225f7a0f4804f14fa7636928
SHA256: 3741cd153a6d0379430136021b3624509f9328c702111665c6f225aa22b5adf2
SHA512: 67b5d7fdcbac8a8da039408e1160a3c378645f1f7e39f91046ace92ca4e9bfbe00b9d87ddebcbb9505feb90fe5f45cae62278b38b3d6e34f5e50bbd6d96fd037
Static task: static1
Behavioral task: behavioral1
Sample: 3741cd153a6d0379430136021b3624509f9328c702111665c6f225aa22b5adf2.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 3741cd153a6d0379430136021b3624509f9328c702111665c6f225aa22b5adf2.exe
Resource: win10v20210408
Malware Config
Extracted
njrat
0.7d
MyBot
0.tcp.ngrok.io:14868
11c84c65b260ec60a3037052c26d14fa
reg_key: 11c84c65b260ec60a3037052c26d14fa
splitter: Y262SUCZ4UJJ
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext