General
Target: 996570A4F29509E3C74AA361E578F59001460810064F4.exe
Size: 73KB
Sample: 211102-c3tkqsgbam
MD5: 7de9b1373f7e080121792869b172c537
SHA1: 452f18d117ca728604b660f30aaafcd4f0c217f9
SHA256: 996570a4f29509e3c74aa361e578f59001460810064f4a81be520e18291d56ab
SHA512: ae50753118eed6328e1c425ae8545034c9d782867eb8bd3d9a828309b7b19c6134cae2f2e0f44def4a0dc50f3eca743a2e6ffbf8a5287203aaf22050568b1d9a
Static task: static1
Behavioral task: behavioral1
Sample: 996570A4F29509E3C74AA361E578F59001460810064F4.exe
Resource: win7-en-20211014
Malware Config
Extracted
njrat
0.7d
04040404
soportes.duckdns.org:2023
28a056e3673b28a4055fb90e48d147ab
reg_key: 28a056e3673b28a4055fb90e48d147ab
splitter: |'|'|
Targets
Target: 996570A4F29509E3C74AA361E578F59001460810064F4.exe
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Modifies Windows Firewall
- Drops startup file
- Suspicious use of SetThreadContext