General
-
Target
3beb45c3bb9d1b1d1470c960dddd4eac
-
Size
40KB
-
Sample
220627-qqatrabdbn
-
MD5
3beb45c3bb9d1b1d1470c960dddd4eac
-
SHA1
2d96cf028711c9cf6cc9482e387c1cbc43946255
-
SHA256
4e92e905f57ebec8e22df1c735211425dbbd2b64c9e77ad2ca774ff1dfbca13f
-
SHA512
0209c0afcc8968a0043c91483d050aa7a597a4ca79fb3d2fb210c9d2dbe37a2ef81a6555840e84c0bff2b61a911943da9f54910c9aa6d416508153e7df315b23
Static task
static1
Behavioral task
behavioral1
Sample
Payloads.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payloads.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
HACKED JFK
103.149.13.61:4545
782e4e93b9158d4d448232ed139fc0db
-
reg_key
782e4e93b9158d4d448232ed139fc0db
-
splitter
|'|'|
Targets
-
Target
Payloads.js
-
Size
58KB
-
MD5
94c08ba8dc8fa3697207c53665c1ddb3
-
SHA1
1af6156240c60e2b39269e3649b2a30f981e75b9
-
SHA256
40de3b364abfeae905e92cd564381d46a80c386c6011e37ce95df860abb572eb
-
SHA512
11e1a9c810ed146a09aa79ee3d500af4a24d1c2432d5e3b62e125738bf0737dcc110c6926224850e5436b6af6a95ce25b4f8b4de4070f1e53d12a0fbc616dedf
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-