General
-
Target
bJHtVihBXXacserver.js
-
Size
70KB
-
Sample
220616-nxvrdsefar
-
MD5
3fb233467088b6906ae7ea8002352e86
-
SHA1
7f318b6db9a28e39bd0162945295f787956eba61
-
SHA256
db2525eb120cddd924084eb2d3adada700a65066f46f6c3675e47377ef09ee20
-
SHA512
e36763c44d0c1e46a986299e3499d476e6e920e8c6d8e704c832457d0ff7725dfa3f29944025a3c9b4205234e285bfdbb69c281f22e1945bcda6094488824cd2
Static task
static1
Behavioral task
behavioral1
Sample
bJHtVihBXXacserver.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bJHtVihBXXacserver.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
-
reg_key
72f64d4ec723544c65ffca1cd7ba4ee6
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed By MusteMonee
104.168.7.110:5553
d60c61d273d37cbe8a96dbc7212c0bd5
-
reg_key
d60c61d273d37cbe8a96dbc7212c0bd5
-
splitter
|'|'|
Targets
-
-
Target
bJHtVihBXXacserver.js
-
Size
70KB
-
MD5
3fb233467088b6906ae7ea8002352e86
-
SHA1
7f318b6db9a28e39bd0162945295f787956eba61
-
SHA256
db2525eb120cddd924084eb2d3adada700a65066f46f6c3675e47377ef09ee20
-
SHA512
e36763c44d0c1e46a986299e3499d476e6e920e8c6d8e704c832457d0ff7725dfa3f29944025a3c9b4205234e285bfdbb69c281f22e1945bcda6094488824cd2
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Get Passwords)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-