General
-
Target
0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
-
Size
25KB
-
Sample
211213-yw6sdafdal
-
MD5
ec08bdb2c15f50947f399f1f3825b69b
-
SHA1
602fe73180c9662ce229d090075a33e7e2cbc56c
-
SHA256
0ad97be849c854ddea3a0df0597c8e9b2dc8dd4d274b9f4a89f2dc3e9a9fff3a
-
SHA512
612ee1c4d512f58eea60670e4c3e2600be0d29b47b648741a294c1c72ddd7d6d1ee398cf30a00a471436ec3b92949d8bafe4b573df3bdd9df25224be9d1d1630
Static task
static1
Behavioral task
behavioral1
Sample
0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
Resource
win10-en-20211208
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
8.tcp.ngrok.io:14002
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
0AD97BE849C854DDEA3A0DF0597C8E9B2DC8DD4D274B9.exe
-
Size
25KB
-
MD5
ec08bdb2c15f50947f399f1f3825b69b
-
SHA1
602fe73180c9662ce229d090075a33e7e2cbc56c
-
SHA256
0ad97be849c854ddea3a0df0597c8e9b2dc8dd4d274b9f4a89f2dc3e9a9fff3a
-
SHA512
612ee1c4d512f58eea60670e4c3e2600be0d29b47b648741a294c1c72ddd7d6d1ee398cf30a00a471436ec3b92949d8bafe4b573df3bdd9df25224be9d1d1630
Score10/10-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Drops startup file
-
Adds Run key to start application
-