General
-
Target
File 2.js
-
Size
51KB
-
Sample
220616-mrm9paecdk
-
MD5
199c37a6953be6415f368cafa8525133
-
SHA1
c28cfdd4d9f80ba3873a134f9f21815e0b6540bc
-
SHA256
cfe9dc76a15fae96808fa814135113d763fcf418aae410cea34580b15fb00edd
-
SHA512
4cb1beada3ec189732331926b5db39d51654dbea5ae9bfe764d63636adf788312c2be7513c40186480d4140882b0a251dda292e7437aa3fc8ca437508ba7c044
Static task
static1
Behavioral task
behavioral1
Sample
File 2.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
File 2.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
-
reg_key
72f64d4ec723544c65ffca1cd7ba4ee6
-
splitter
|'|'|
Targets
-
Target
File 2.js
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-