General
-
Target
6CF07AB2FF64200E8CD38602D14BC566.exe
-
Size
1.2MB
-
Sample
210904-jcd6pahbdq
-
MD5
6cf07ab2ff64200e8cd38602d14bc566
-
SHA1
74edddc5fa816ecd47bb0a90b4ed605e1b8e8e6b
-
SHA256
7a5ea108c883639b28770a677217474e15e8e26a141b13cefd59100f72c3a598
-
SHA512
a47d91fb8c9f3edeb18897989f93ff8e5a2f90a4fa19f512983512238597988e5b490ebd1595dcd0aaf294c222a51d3c10da5ea013bccb0948e538ee00b8bbe1
Static task
static1
Behavioral task
behavioral1
Sample
6CF07AB2FF64200E8CD38602D14BC566.exe
Resource
win7v20210408
Malware Config
Extracted
njrat
0.7d
HacKed
4.tcp.ngrok.io:14914
Windows Update
-
reg_key
Windows Update
-
splitter
|'|'|
Targets
-
-
Target
6CF07AB2FF64200E8CD38602D14BC566.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-