General
-
Target
C68153CED490F150AAA321F8E017F5C04525BFC729F68.exe
-
Size
23KB
-
Sample
211121-1c2enaedgq
-
MD5
6f583b03795a6bb7f086446ee6b11b62
-
SHA1
5c7df1e74ee956641304e93ccd6766dd81277c07
-
SHA256
c68153ced490f150aaa321f8e017f5c04525bfc729f68d8400fba21d0dfb1387
-
SHA512
903a04fe11097e5f9bf3c81d37e16bdce0b5febf56b36704f26f827ad1ffd49975096078711fa433931bacf2a5f7fed13ddeab66c716953a1a139eee03723786
Behavioral task
behavioral1
Sample
C68153CED490F150AAA321F8E017F5C04525BFC729F68.exe
Resource
win7-en-20211014
Malware Config
Extracted
njrat
0.7d
xButtoN
crlnegolamx.ddns.net:89
3b51fad99c0c53b7f1590d6f74c8fccb
-
reg_key
3b51fad99c0c53b7f1590d6f74c8fccb
-
splitter
|'|'|
Targets
-
-
Target
C68153CED490F150AAA321F8E017F5C04525BFC729F68.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-