General
-
Target
5b0e04c4f91d5aaac3ee3ce0eb2a1c6f.exe
-
Size
396KB
-
Sample
220514-spk97sadg2
-
MD5
5b0e04c4f91d5aaac3ee3ce0eb2a1c6f
-
SHA1
dd539b2dae5964501c364bf932ce8e9f9dc500af
-
SHA256
dbc7c72ec05fae8f586a80826e6929cb26ec2fab3623620bb3edaea0139385a3
-
SHA512
1ee3527a2ad3c7b6f393097ad60742ba3dfb14758feaf01188662a091c91f914390761fdb5751e1cbdb201d21cc1a086d09a7326d140a58d196266c458a2ea18
Static task
static1
Behavioral task
behavioral1
Sample
5b0e04c4f91d5aaac3ee3ce0eb2a1c6f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
5b0e04c4f91d5aaac3ee3ce0eb2a1c6f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
v2.0
HacKed
104.243.35.208:4004
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
Score
10/10
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-