General
Target: Server.exe
Size: 25KB
Sample: 220613-m468bscad9
MD5: 7201bca64567be4cd9b0d8debf8ed1b0
SHA1: 8525c615c51e1361cf0bc3d40ac007e9d58a6b92
SHA256: 718c12ab5271ab853f9f758f20637bfc5008a53113a39734d064b4d7e806c244
SHA512: f5d294e84ce14d6498e9a555881d862cbe1d713e9e48cecbb941b4c0f7046d4948971f6812ac2cf499a84f21df72ea29bdd42db1d4a6553769448bbddc25b8f0
Static task
static1
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
gay
4.tcp.eu.ngrok.io:15404
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: Server.exe
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-