General
Target: a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc
Size: 318KB
Sample: 220524-2hkvjaecep
MD5: 240ff486d71240a760a2d103c2e0c8ca
SHA1: 10b3ae157cb93eec73efa74a0f96bdab566c3d95
SHA256: a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc
SHA512: 7ae62e284843785ff8fbc22dd07d9981ed9d4fd26089c93ba98ba80e9f9a3f28de88c6a8a21ca5776cce321d4f83dd3bb7ff46fb74b2df2c4e2f8834734f13be
Static task: static1
Behavioral task: behavioral1
Sample: a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc.exe
Resource: win7-20220414-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
capurgol20.duckdns.org:2054
58057853830242c2a
reg_key: 58057853830242c2a
splitter: @!#&^%$
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext