General
Target: Desktop.exe
Size: 516KB
Sample: 220613-wdtnzseag6
MD5: 76ae0eca1c902efaeb09d2990f8ed33c
SHA1: e1a0175371ab6f0fbff640b774bae4055c317ae4
SHA256: 87e69661b35f6833b236a1581e2b0d6b0d1a89947109004b7fcc0e02ea72b9dd
SHA512: 77e638753313c3b72135c4aa142d543422a3bf9ec02b8f2ef9f369cdf69d42df8d83a6a2e04f07eaf1134150c075f58a70675f3c4255d8841d73aa560a47ec1c
Static task: static1

Malware Config

Extracted: njrat
Version: 0.7d
Botnet: MediaGet
C2: OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=
Mutex: 1571b5852404c7525e9ab9a97346d0fb
Attributes:
- reg_key: 1571b5852404c7525e9ab9a97346d0fb
- splitter: |'|'|

Extracted: njrat
Version: im523
Botnet: popka
C2: 185.204.1.236:8648
Mutex: 73669228637201240c020112fc761ef3
Attributes:
- reg_key: 73669228637201240c020112fc761ef3
- splitter: |'|'|
Targets

Target: Desktop.exe
Size: 516KB
MD5: 76ae0eca1c902efaeb09d2990f8ed33c
SHA1: e1a0175371ab6f0fbff640b774bae4055c317ae4
SHA256: 87e69661b35f6833b236a1581e2b0d6b0d1a89947109004b7fcc0e02ea72b9dd
SHA512: 77e638753313c3b72135c4aa142d543422a3bf9ec02b8f2ef9f369cdf69d42df8d83a6a2e04f07eaf1134150c075f58a70675f3c4255d8841d73aa560a47ec1c

Signatures
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
- suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory