General
Target
d21436909e84bf1340fcfce87fc8cde6456b1b464ee821e969ef64800e684e30
Size
43KB
Sample
220523-zksxtabafl
MD5
eb1d61d4808ba559e096aa3ee3de3509
SHA1
b19fa5479433d4b180994fd0a9ace2fdfbca807a
SHA256
d21436909e84bf1340fcfce87fc8cde6456b1b464ee821e969ef64800e684e30
SHA512
4a7a12a65e7bf806555e4c1faec969baf23aa6176e37cf11f96cb947e273a94a22686d1a3ecc5d5d2dd1b5ff5476a9cb4d254886b22a28799270d088f5e29b6f
Behavioral task
behavioral1
Sample
d21436909e84bf1340fcfce87fc8cde6456b1b464ee821e969ef64800e684e30.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d21436909e84bf1340fcfce87fc8cde6456b1b464ee821e969ef64800e684e30.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
topher
trojenimadamim.duckdns.org:1604
Windows Update
reg_key
Windows Update
splitter
|Hassan|
Targets
Target
d21436909e84bf1340fcfce87fc8cde6456b1b464ee821e969ef64800e684e30
Score
10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application