General
-
Target
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4
-
Size
43KB
-
Sample
220201-j28rlabcfl
-
MD5
8b3d6e19280126af96d8336cb9fb6b4c
-
SHA1
716dd142709b2c3aa00bc341020208bd436a491e
-
SHA256
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4
-
SHA512
0d255321568b25b2dc7c80cbb4a9c37027ad099d8790a17e9df18ec87d0d193de77e9029c8bed81c45b1fe7fbd6d26ebcabe77729fb1968c588af8cfd2b01057
Behavioral task
behavioral1
Sample
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
system
panzehir42.duckdns.org:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4
-
Size
43KB
-
MD5
8b3d6e19280126af96d8336cb9fb6b4c
-
SHA1
716dd142709b2c3aa00bc341020208bd436a491e
-
SHA256
1736d15a6e231dc07adf20120e4993da0e7c5249320f15a3990895b019847bb4
-
SHA512
0d255321568b25b2dc7c80cbb4a9c37027ad099d8790a17e9df18ec87d0d193de77e9029c8bed81c45b1fe7fbd6d26ebcabe77729fb1968c588af8cfd2b01057
Score10/10-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Sets service image path in registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-