General
Target
DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
Size
91KB
Sample
210916-v9en9sggak
MD5
6b5bc3eba86c9efbdf993773af3f593e
SHA1
0fd0f10d34c28a928e69343caeeed7803646be8f
SHA256
dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07
SHA512
cd5c91dc4de88b46384a6c615f6a0da3250a00a34c11221c8dcf9d857fde0ce8cff0a55f8442e2b7a1758d2f7b77b69d7265cc96427f972295124c06095cc3d1
Static task
static1
Behavioral task
behavioral1
Sample
DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
Resource
win10v20210408
Malware Config
Extracted
njrat
0.7 MultiHost
HacKed
anunankis1.duckdns.org,anunankis3.duckdns.org,karmina112.sytes.net,karmina114.sytes.net,burdun.dynu.net,burdun114.dynu.net:1177
8746d62c81bb0c573a0a1086f9955c7b
reg_key
8746d62c81bb0c573a0a1086f9955c7b
splitter
|'|'|
Targets
Target
DBD5E126CAD149E95614507E63A255F2B26B9A4E539B7.exe
Score 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext