General
Target
2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660
Size
360B
Sample
220521-m989wagdgp
MD5
cfd1923ef62eda51c93b8b3599941acd
SHA1
ec8712a15560aa43ba4710ea574f5443ae5c5c5c
SHA256
2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660
SHA512
043f86e5448c4bcc941da02471797d3b863644502bdc36a9c97ab693b888eee2fafcf35e5ffbdce1afcaaf1b77869b50c49e49274ad7a0543b49a993d32ff5c6
Static task
static1
Behavioral task
behavioral1
Sample
2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
Resource
win10v2004-20220414-en
Malware Config
Extracted
https://pastebin.com/raw/Qkwjgmp3
Targets
Target
2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Blocklisted process makes network request
Modifies Windows Firewall
Legitimate hosting services abused for malware hosting/C2