General

Target: 6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
Size: 82KB
Sample: 210916-rb4c7agddq
MD5: 42f06a2dd04a0b84c019557cc07f0cb6
SHA1: 9f8b00c0cefd6e80ed813ac25b55b57e1289c724
SHA256: 6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998
SHA512: 15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556
Static task: static1

Behavioral task: behavioral1
Sample: 6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
Resource: win7-en

Behavioral task: behavioral2
Sample: 6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
Resource: win10v20210408
Malware Config

Extracted: njrat
Version: 0.7 MultiHost
Campaign ID: 000000
C2: karmina112.sytes.net,karmina115.sytes.net,burdun.dynu.net,burdun115.dynu.net,anunankis3.duckdns.org:1177
reg_key: 670b14728ad9902aecba32e22fa4f6bd
splitter: |'|'|
Targets

Target: 6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
Score: 10/10

Signatures:
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
  Modify Registry (1)
Discovery
  System Information Discovery (1)
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
  Registry Run Keys / Startup Folder (1)
Privilege Escalation