General
Target: 303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe
Size: 342KB
Sample: 210926-qaqv2aegfj
MD5: ab09790ec8dbb4c257d8a7c0f3a49943
SHA1: 1b45a0349f77c7e07b725d32a5a32e80c00eef24
SHA256: 303424a6536eedb027734b0557a32a064ceb0ed35f225d3f434a010fa13fe106
SHA512: b420c0e0064de4038ad332316168e59ab88a6ffd63c5ccc1eb36c7b29a2b449591fc0af0557399e9677d8a503302c9e50ccf060f56e7c971cfe0d6ebeb814db3
Static task: static1
Behavioral task: behavioral1
Sample: 303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe
Resource: win7-en-20210920
Malware Config
Extracted
njrat
0.7d
BAYRAMM
cihan05.duckdns.org:1981
47da9b71ec9839dd4ca48977f70dcfda
reg_key: 47da9b71ec9839dd4ca48977f70dcfda
splitter: |'|'|
Targets
-
-
Target
303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext