General
-
Target
f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
-
Size
374KB
-
Sample
220203-r5ab7safgp
-
MD5
1de15800d08f248b647077f0fe52f5c1
-
SHA1
40616e40110b24faf0ff3af1285e628f3f8e595d
-
SHA256
f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
-
SHA512
012995a859d376965363f49ef1cdaab5d88a9a57847786f2421183757942edf135f933f0a66ab0e2ce281c8287e3efa87c11f90118f0d745166614446132cc50
Static task
static1
Behavioral task
behavioral1
Sample
f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c.exe
Resource
win7-en-20211208
Malware Config
Extracted
njrat
0.7.3
Lime
soportesltda30.duckdns.org:4433
Client.exe
-
reg_key
Client.exe
-
splitter
jairpicc
Targets
-
-
Target
f992aa328b81c89418d075b8a53e79b4eae71f9a97d50577c25a67c9c430031c
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-