General
- Target: d3545b469629c5f047df0cb6b4b4ed8587e44a173c2fbef42f987042b3f1a0a3
- Size: 346KB
- Sample: 220203-slhd5sbadl
- MD5: b67cc47347d1ea5450a9779385b98c03
- SHA1: 43684e3f72f1b3c229d68de3d13735f8a2a6577f
- SHA256: d3545b469629c5f047df0cb6b4b4ed8587e44a173c2fbef42f987042b3f1a0a3
- SHA512: 23fe7d63c13fd71b917039415c8fd15ebe04c4363a816886a1041e0e5f843cc116972de8232fdf140e1dc38237a2457ffdcaa21424e5c8311436b0d69c18fbb8
- Static task: static1
- Behavioral task: behavioral1
- Sample: d3545b469629c5f047df0cb6b4b4ed8587e44a173c2fbef42f987042b3f1a0a3.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: https://cdn.discordapp.com/attachments/858084204901564479/867768611681468457/Main.png
- Extracted: njrat
  - 0.7NC
  - NYAN CAT
  - grennoj.duckdns.org:8000
  - f171208f74a9
  - reg_key: f171208f74a9
  - splitter: @!#&^%$
Targets
- Target: d3545b469629c5f047df0cb6b4b4ed8587e44a173c2fbef42f987042b3f1a0a3
- Size: 346KB
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Blocklisted process makes network request
- Executes dropped EXE
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext