General
Target: Electronic Tickets EDC.pdf.lnk
Size: 2KB
Sample: 220104-jd5p2aaehp
MD5: 34bdd2618a00931b868b76fa30b0b90a
SHA1: 7503950b391c35b82c2903d2b6534487d1621d03
SHA256: 24dd2af82ba220d2f86df039b39c6fd38515d99093a3a42eb54da6af0759969c
SHA512: 83fa56f79b6ff9203ca9dbed3c2a6f92b38b240ae1215987a86c22302b11c47bd24a57494738e459f3c67c8390716435b9d0a0cedd41f130a2560cb1886444ac
Static task
static1
Malware Config
Extracted
http://149.56.200.165/dll/3.txt
Extracted
njrat
0.7NC
NYAN CAT
venomsi.mypsx.net:83
e6bb431cd02
reg_key: e6bb431cd02
splitter: @!#&^%$
Targets
Target
Electronic Tickets EDC.pdf.lnk
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Blocklisted process makes network request
Suspicious use of SetThreadContext