General
-
Target
2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe
-
Size
6.1MB
-
Sample
220517-qce7baehcp
-
MD5
5f9e61796a21e65f9a03f92ee6a8f6d8
-
SHA1
d6032fd04db0fbb6195b6e8d31491a3fc289f1ce
-
SHA256
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba
-
SHA512
402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb
Static task
static1
Behavioral task
behavioral1
Sample
2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://supportnimbuzz.hexat.com/3/Att.jpg
Extracted
njrat
0.7NC
NYAN CAT
ameen.myftp.biz:7788
76420c32f4f
-
reg_key
76420c32f4f
-
splitter
@!#&^%$
Targets
-
-
Target
2691AC49A444378F3C668C7EAAF0E0E0ABF95C5C3053A.exe
-
Size
6.1MB
-
MD5
5f9e61796a21e65f9a03f92ee6a8f6d8
-
SHA1
d6032fd04db0fbb6195b6e8d31491a3fc289f1ce
-
SHA256
2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba
-
SHA512
402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb
Score10/10-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-