General
Target: be243a3f9c118c77dbdb373bfa5809f5.exe
Size: 37KB
Sample: 220502-evsdtabff8
MD5: be243a3f9c118c77dbdb373bfa5809f5
SHA1: 54c53b57cd00ac404115724aac87fa96a5fabd9b
SHA256: 52854e4eb48a7fc9abdf0302209e474b152baa80ce0069ebfc82666e9f7847e1
SHA512: d10b0e2bd5eee9ce11c8db8cfdc2cc9d2fd72ca4ad5408c41f4503a83daa66e1adc6587fb1645b9b87302dbcd4d4ff777e55158aa647756c49e2723822c4ea0c
Behavioral task: behavioral1
Sample: be243a3f9c118c77dbdb373bfa5809f5.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
im523
lox
185.105.116.170:5552
7c833acad9ebf22ebc060ad9c6d0f1a2
reg_key: 7c833acad9ebf22ebc060ad9c6d0f1a2
splitter: |'|'|
Targets
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application