General
-
Target
53865d1829e63413261f2353933102b40a3b2f605b6c7ba3b89b287b309ba926
-
Size
93KB
-
Sample
220520-e5lzsacghk
-
MD5
34307aa6518e2d8793bbcc79ecee7fc0
-
SHA1
019d4bd745bfc4d36f196ed6ed41d81e478c0d10
-
SHA256
53865d1829e63413261f2353933102b40a3b2f605b6c7ba3b89b287b309ba926
-
SHA512
6ea91a8df045be7ea6fced1c0e67eeba4ecd1688f891a02feedd84c594eade0d67338158413fb97a8024ed4848858d2ac2cf0df656ea848d9a9af664d7177974
Behavioral task
behavioral1
Sample
53865d1829e63413261f2353933102b40a3b2f605b6c7ba3b89b287b309ba926.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOC50Y3Aubmdyb2suaW8Strik:MTM1Nzg=
73137daa68006467b187b2f414df684d
-
reg_key
73137daa68006467b187b2f414df684d
-
splitter
|'|'|
Targets
-
-
Target
53865d1829e63413261f2353933102b40a3b2f605b6c7ba3b89b287b309ba926
-
Size
93KB
-
MD5
34307aa6518e2d8793bbcc79ecee7fc0
-
SHA1
019d4bd745bfc4d36f196ed6ed41d81e478c0d10
-
SHA256
53865d1829e63413261f2353933102b40a3b2f605b6c7ba3b89b287b309ba926
-
SHA512
6ea91a8df045be7ea6fced1c0e67eeba4ecd1688f891a02feedd84c594eade0d67338158413fb97a8024ed4848858d2ac2cf0df656ea848d9a9af664d7177974
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-