General
Target
иуеr.exe
Size
25KB
Sample
220522-ww3dvaagf4
MD5
ae72c198c0825712f203e258571c0e87
SHA1
066ef64d5f5bb96e1714247c97aaf291907a7b3f
SHA256
7237dd5e4e0c1f2bb79a3ede0919cddf1cac7f1095deb1070275ac4669691c65
SHA512
a48c90badd2346df3e8f1cb1807b9f22177835aba52f2718ed8bc0c00fd4f5020958fe6e8b02c23c1c7380b68c96b1ad17dee51a536a0a26e4f98598354604a1
Static task
static1
Behavioral task
behavioral1
Sample
иуеr.exe
Resource
win10-20220414-en
Behavioral task
behavioral2
Sample
иуеr.exe
Resource
win11-20220223-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
gay
7.tcp.eu.ngrok.io:14345
Windows Update
reg_key
Windows Update
splitter
|Hassan|
Targets
Score
10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Drops startup file
Adds Run key to start application