General
Target: bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
Size: 373KB
Sample: 220203-svnbrabbeq
MD5: 742e33685f0b3257ac192e7b6695c8f5
SHA1: a3043a63883165298b6c62a44a9aeb6c3d27b762
SHA256: bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555
SHA512: 4410f522f0c626f409ab0a919562e3dd64f66ce0c3272c89a44cf4c99fe486ab2f5c2820eb8776d34d3e4ac985f5366a682980e0cdf6f9bff15c966b7c952c19
Static task: static1
Behavioral task: behavioral1
Sample: bd46f270801c9d49f3075005afeec82600948c8d9794e70baad67050f2ace555.exe
Resource: win7-en-20211208
Malware Config
Extracted
njrat
0.7.3
Lime
soportesltda30.duckdns.org:4433
Client.exe
reg_key: Client.exe
splitter: jairpicc
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-