General
-
Target
9666af313b4547d870572267f622774e88ec66f0af6f2d2216ac20340ebdc3f6
-
Size
31KB
-
Sample
220520-ezqe1scedn
-
MD5
cd5b35a866aa50c4286ed6cc0c8442a2
-
SHA1
d8e7139bd6dc8d6b2210cbb600d6b6c9c4a0e980
-
SHA256
9666af313b4547d870572267f622774e88ec66f0af6f2d2216ac20340ebdc3f6
-
SHA512
528b0c6bbcf1fd753dfa4fd781aa8e7df126d5600ae009b91449503bc711316446fab3a526059789ac6979c7080b123b16037515b072143b1cf6b3b1bd78e8c5
Static task
static1
Behavioral task
behavioral1
Sample
9666af313b4547d870572267f622774e88ec66f0af6f2d2216ac20340ebdc3f6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
9666af313b4547d870572267f622774e88ec66f0af6f2d2216ac20340ebdc3f6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Hacked By HiDDen PerSOn
fb2e1bea32da1b3fb4bb227d53dac402
-
reg_key
fb2e1bea32da1b3fb4bb227d53dac402
Targets
-
-
Target
9666af313b4547d870572267f622774e88ec66f0af6f2d2216ac20340ebdc3f6
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-