General
-
Target
03400b0baec9c5e28a4c8b9a581cea7d.exe
-
Size
500KB
-
Sample
220512-s5bqpsadg5
-
MD5
03400b0baec9c5e28a4c8b9a581cea7d
-
SHA1
cac992a233a4e478bf645750fa927f2167bcd0df
-
SHA256
bf8e99aff676c619236dd47399d9a43e8f3afb9df78aa2852f8270ae4870be48
-
SHA512
fa93a4eed519b153fb5d60527ac738163c9c71ca36596acb388c6282cd78c3b2aea1681d926a9dad4576b61780f2afce0b6a141728d39b8da203374117bbc5c8
Static task
static1
Behavioral task
behavioral1
Sample
03400b0baec9c5e28a4c8b9a581cea7d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
03400b0baec9c5e28a4c8b9a581cea7d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7.3
JUNIO30
verde2020.duckdns.org:7782
Client.exe
-
reg_key
Client.exe
-
splitter
1234
Targets
Score
10/10
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-