General
Target: dllhost.exe
Size: 93KB
Sample: 220613-xpfryaedf3
MD5: 475aaede20d0e0de3c6e6589f7d2743e
SHA1: 3454f920325b22d7293fdd50e0b97bbc4c8f9a05
SHA256: 9a601d190647482c1631ca2c94341f1e98719cb2c1a0c36a57d98d46a386711d
SHA512: 84cf48dd1bfe10e53ba61feab37cd806fea13604894b42253a7aacfc84328a9687ba86f2956983aabbc7bace9adad92a0fb3fbbfab6f27bcee072b4695f2ae11
Malware Config
Extracted
njrat
0.7d
MediaGet
OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=
e16ca4b3ba16d929041c508a1cd98a13
reg_key: e16ca4b3ba16d929041c508a1cd98a13
splitter: |'|'|
Targets
Target: dllhost.exe
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Drops file in System32 directory