General
Target: d173b9844be24a9172f2f2adcde3dd65090afa690b1bd.exe
Size: 4KB
Sample: 211105-pths4aghel
MD5: b9a1c7dd8171afe0e3fc1524f5eafb18
SHA1: 19b79357841b2bcb3438011f4c8e45f7278aeaa9
SHA256: d173b9844be24a9172f2f2adcde3dd65090afa690b1bd952a7da01de33ad60ef
SHA512: d57c9cf4a489dec1f8b17351173e1ffc202e454f214b85e132fbd5d8af2d4a611e50e1a7f85eb0dfce438539aaec3b143d1fafafbaa0def914f6401c5993da6d
Static task: static1
Behavioral task: behavioral1
Sample: d173b9844be24a9172f2f2adcde3dd65090afa690b1bd.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: d173b9844be24a9172f2f2adcde3dd65090afa690b1bd.exe
Resource: win10-en-20211014
Malware Config
Extracted
Family: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: redlan.linkpc.net:5553
Mutex: 3b407dd04ed042
Attributes
reg_key: 3b407dd04ed042
splitter: @!#&^%$
Targets
Target: d173b9844be24a9172f2f2adcde3dd65090afa690b1bd.exe
Size: 4KB
Score: 10/10
Signatures
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext