General
-
Target
18f1f44a28639057e66f8390d4faa3df.exe
-
Size
31KB
-
Sample
211202-k3bc6adgbk
-
MD5
18f1f44a28639057e66f8390d4faa3df
-
SHA1
ee8cf7689899772f5e59e66bc66b89fd19269ea0
-
SHA256
a70002c527a508f14051e606115ad0a04c045d7ffdb6a70ed01361b3ce7b3de2
-
SHA512
d91eb5032067e9b36a9b6d67ad2d335b650ff1de17b272740f94fcd58d644caae0dbd236e1da11284d5538b92b38d6c6d49b0c7ea0d0a96d2d47849bab6d86b6
Behavioral task
behavioral1
Sample
18f1f44a28639057e66f8390d4faa3df.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
18f1f44a28639057e66f8390d4faa3df.exe
Resource
win10-en-20211014
Malware Config
Extracted
njrat
0.7d
MyBot
8.tcp.ngrok.io:13962
aaffeb7a5f54025070b8e182b1fa7d98
-
reg_key
aaffeb7a5f54025070b8e182b1fa7d98
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
18f1f44a28639057e66f8390d4faa3df.exe
Score
10/10
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-