General
-
Target
b251f070fcb0f3860976575737f90608919b194d7063a85981eee96cc85d7e7c
-
Size
3.3MB
-
Sample
220520-z95b5sdfe5
-
MD5
4b5522eebcad10beac06216513281c63
-
SHA1
ec0fa68acfb0461a283df076b239191a69fed59a
-
SHA256
b251f070fcb0f3860976575737f90608919b194d7063a85981eee96cc85d7e7c
-
SHA512
9f233a6dc82c59f8bb0e97a92325de7f3abc11bc4999db8a365b8fab86dc07e69fa67f1ab59fccda13c4b40786e3265e0d41da8b967f4f392a602dc6198fc51a
Static task
static1
Behavioral task
behavioral1
Sample
b251f070fcb0f3860976575737f90608919b194d7063a85981eee96cc85d7e7c.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7.3
Lime
0.tcp.ngrok.io:17495
Client.exe
-
reg_key
Client.exe
-
splitter
123456
Targets
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njRAT/Bladabindi Variant (Lime) CnC Checkin
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-