General
Target: dllhost.exe
Size: 93KB
Sample: 220614-s714dabdd2
MD5: 3981bc5841eda6cb5bea733f18711f0a
SHA1: c2fa36ddf5583d4d8acb2708d8b99773ba2fc4ce
SHA256: 5dae5e47219476cfd682ae4a1e7e2e554fb2fccecd1b4fe7569f74ce4e44f097
SHA512: 2ab52c78a7c3e20773fcf5679c925c413efdde050e568218dac45dd09b960aa3e763eca55932ef4e0723ecb23b533b250562374a9af3733a52ed392b9a756d58
Malware Config
Extracted
njrat
0.7d
MediaGet
OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=
e16ca4b3ba16d929041c508a1cd98a13
reg_key: e16ca4b3ba16d929041c508a1cd98a13
splitter: |'|'|
Targets
Target: dllhost.exe
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
Executes dropped EXE
Modifies Windows Firewall
Drops startup file
Drops file in System32 directory