General
-
Target
a4f62c45af96eb8cd4ef13910fecc554.exe
-
Size
36KB
-
Sample
211224-a2c59acgcl
-
MD5
a4f62c45af96eb8cd4ef13910fecc554
-
SHA1
5a716099195dd8f9d8a87f343be936c6d684b492
-
SHA256
1f7971e9d98d51e7a89cb3cc698ef9f4e0be8a31790c509f75993c1e61c159d9
-
SHA512
dfd8404697c018cb95ab16776e02738445178568fed682a54e17cecd99d6f3865dc91b5747f3bdec0e15daf85aa73fbc38b7c50e41423f76721851e59a122bf9
Behavioral task
behavioral1
Sample
a4f62c45af96eb8cd4ef13910fecc554.exe
Resource
win7-en-20211208
Malware Config
Extracted
njrat
im523
HacKed
bisbotbako.ddns.net:5553
96a463b52a9ece171dc1adc4c650aa32
-
reg_key
96a463b52a9ece171dc1adc4c650aa32
-
splitter
|'|'|
Targets
-
-
Target
a4f62c45af96eb8cd4ef13910fecc554.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-