General
-
Target
383a6c007466499cfa142ff0c9bbc3ba64b330e515af20c5bb92c096b80f2e6e
-
Size
31KB
-
Sample
220520-2rsxhaahdn
-
MD5
a2b35164fb4b92f7ef0065532ab82e78
-
SHA1
603ba7b5558360f67e2b910d9cff37124b2d7efb
-
SHA256
383a6c007466499cfa142ff0c9bbc3ba64b330e515af20c5bb92c096b80f2e6e
-
SHA512
e786a41d5aba07d633a7b31f3cdac001da0412dc8236fa8baacb7019a9270c9e21308601caaeada50a02efa9db81da785972fc8781187d55f0ba05f54c72ee81
Behavioral task
behavioral1
Sample
383a6c007466499cfa142ff0c9bbc3ba64b330e515af20c5bb92c096b80f2e6e.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
Арсений
0.tcp.ngrok.io:19842
ee1e6669233e31211cc8a553e5cd1041
-
reg_key
ee1e6669233e31211cc8a553e5cd1041
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
383a6c007466499cfa142ff0c9bbc3ba64b330e515af20c5bb92c096b80f2e6e
-
Size
31KB
-
MD5
a2b35164fb4b92f7ef0065532ab82e78
-
SHA1
603ba7b5558360f67e2b910d9cff37124b2d7efb
-
SHA256
383a6c007466499cfa142ff0c9bbc3ba64b330e515af20c5bb92c096b80f2e6e
-
SHA512
e786a41d5aba07d633a7b31f3cdac001da0412dc8236fa8baacb7019a9270c9e21308601caaeada50a02efa9db81da785972fc8781187d55f0ba05f54c72ee81
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-