General
Target: MgBMOjoQWC_hwstub.js
Size: 51KB
Sample: 220616-pl66qaehbj
MD5: 0c7657296a9994e6446ff500bc1b76c3
SHA1: bfdc4584c89faa7f3356549494331ccc8497ab33
SHA256: 692a8be00d69e5d0782766f270046aa871fea041e63d125da9e1252b135623f3
SHA512: 8549c221d3316d3a57feb5c4bdca51ae504f5479e22b83150a9eca82fb0b5f8ef8b2aa134d2b96c5bef42a170cc7c4dc8099606f71fabcd490732f7b8926213d
Static task: static1
Behavioral task: behavioral1
Sample: MgBMOjoQWC_hwstub.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: MgBMOjoQWC_hwstub.js
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
reg_key: 72f64d4ec723544c65ffca1cd7ba4ee6
splitter: |'|'|
Targets
Target: MgBMOjoQWC_hwstub.js
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin UA
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
Blocklisted process makes network request
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application