General
Target: tmp/e0722f76-70d2-4ef7-97c2-49da0074ef6f_njstart_protected.exe
Size: 1.0MB
Sample: 211215-22f1pabefr
MD5: da5f2763cf0fa84529d7ba0747010f5e
SHA1: 044d55baf6d230de0b283937f173bf7ed9118df1
SHA256: 917e6769c889cf377bd6f602a13648ec4087b3fa0fb17cbe04d480ed7469f4fb
SHA512: 12f5e9e3bbc33799cf1d6955562a8078ead772cd0cabb8e7a347f67fead33526cfdae1705463da35d7b4c3810b7e77f8dc2d70aacb15cec79aaab3c805313a4c
Static task: static1
Behavioral task: behavioral1
Sample: tmp/e0722f76-70d2-4ef7-97c2-49da0074ef6f_njstart_protected.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: tmp/e0722f76-70d2-4ef7-97c2-49da0074ef6f_njstart_protected.exe
Resource: win10-en-20211208
Malware Config
Targets
Target: tmp/e0722f76-70d2-4ef7-97c2-49da0074ef6f_njstart_protected.exe
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger