General
-
Target
5415876078239744.zip
-
Size
130KB
-
Sample
220121-1b69hsbfdp
-
MD5
9d892866edeb51cb29cc2721a7148f81
-
SHA1
ed09749f67308a30801ffcf6f528eea3f9bf3f69
-
SHA256
742e7b3fa903eb64cb3160861636df034123fdfecb271da1235703d246ade55f
-
SHA512
9f99d92a448e51dd2a68a8160b4cbe4d432b96ac83be6b9be032ab784d19058c5e15a7c2299dd187940b15a7f2d546a1b72260b98217b32528f2c1793276367b
Static task
static1
Behavioral task
behavioral1
Sample
#93874654.exe
Resource
win7-en-20211208
Malware Config
Extracted
njrat
1.9
HacKed
Microsoft.Exe
-
reg_key
Microsoft.Exe
Targets
-
Target
#93874654.exe
-
Size
300.0MB
-
MD5
a7328c9dba8e429ee5e171a661505137
-
SHA1
f637c4df8840fb7cc8fa93e925294145cab91457
-
SHA256
6248199255f4525503101e01e38d60fda27ee9bcc72a74a817dc1d01596d2a9b
-
SHA512
139c83862561881e328084d813509518fa353d07b532549cf93e7bed9151b137a9239b1c8e2162c85e4956bf327efb847a9643177cbf88cde89634779ddb2ca2
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-