General
-
Target
E1EA3A88EE3EF55FE02A84E9D652B57296941227F7D83.exe
-
Size
279KB
-
Sample
211130-3f1cwahaep
-
MD5
e0ab3b6c4db03ac6cf373c71b8ee629d
-
SHA1
b0472452f1f78c535358140f995ca0383b68d585
-
SHA256
e1ea3a88ee3ef55fe02a84e9d652b57296941227f7d8332b96068574162ef27a
-
SHA512
d8110b21f9d0d79d8b1a6e73ab66415d256b312bd618845bf733b4c00da7d92dad7c00fd9bd430772f3dbf3c193e75541c5235fbf49b95e4532604ea5f7e3070
Static task
static1
Behavioral task
behavioral1
Sample
E1EA3A88EE3EF55FE02A84E9D652B57296941227F7D83.exe
Resource
win7-en-20211104
Malware Config
Extracted
njrat
0.7d
HacKed
russia5319.ddns.net:1177
f6b2b94ea40dad02eb686dc0711f7aed
-
reg_key
f6b2b94ea40dad02eb686dc0711f7aed
-
splitter
|'|'|
Targets
-
Target
E1EA3A88EE3EF55FE02A84E9D652B57296941227F7D83.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-