General
Target: 4159E161E24F40BD4964EB53AAEA050B685A4AA2B3BAC.exe
Size: 455KB
Sample: 211004-vmz2paggfq
MD5: aba309cde7801d52d82898085394fd7a
SHA1: 5ca6bbeaff94b94ad7e8c54029d3096bcd4e914e
SHA256: 4159e161e24f40bd4964eb53aaea050b685a4aa2b3bac12631180a6a9a403ad7
SHA512: 567141b32102ec37954437c99bd633bdc4bcd073a1d91146fc9a81b74365bb9d69917ec076c6549843aac23d56641900e09fce76e0236a024e2ae856cf34e6b5
Static task: static1
Behavioral task: behavioral1
Sample: 4159E161E24F40BD4964EB53AAEA050B685A4AA2B3BAC.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: 4159E161E24F40BD4964EB53AAEA050B685A4AA2B3BAC.exe
Resource: win10v20210408
Malware Config
Extracted
njrat
im523
14.04.2017
ytka.duckdns.org:1604
ed423977d6a5549373be05c39703ea7d
reg_key: ed423977d6a5549373be05c39703ea7d
splitter: |'|'|
Targets
Target: 4159E161E24F40BD4964EB53AAEA050B685A4AA2B3BAC.exe
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.