General
Target: 8E8732B9BEBC8382E938B48697E79FEB4B06528DF41FD.exe
Size: 23KB
Sample: 211005-hgfpmshfcq
MD5: c7b942aee6ebe5d43a3b7398eda1f0ee
SHA1: 11a0690bd6158cbcc5ddb55282751689df0538ed
SHA256: 8e8732b9bebc8382e938b48697e79feb4b06528df41fd855b540dce788f6d8b3
SHA512: 9ce157ef003f80a0b8a88a32bb91d5138a5ead35340ea7bd513a79487cc33fcb830334449015805ef4bf0ae30bdd42eac0c23339129f448e1e945ef7fe50323a
Behavioral task
behavioral1
Sample: 8E8732B9BEBC8382E938B48697E79FEB4B06528DF41FD.exe
Resource: win7-en-20210920
Malware Config
Extracted
njrat
0.7d
MyBot
167.71.56.116:22232
290df5fa05cb4394e161de39f67a971b
reg_key: 290df5fa05cb4394e161de39f67a971b
splitter: |'|'|
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-