General
Target: 0x00070000000133e8-90.dat
Size: 25KB
Sample: 220627-qr3k6adcd9
MD5: 13a393f4abc0575a0c3661a2058c6a92
SHA1: c35e88355d846094a9b9aeaef3822725cd65c898
SHA256: 685deaa148f2ded23bfac7a5bced8399f438b6825c48fa3c4d302470d4c23ad4
SHA512: f33ef8ac7264a64982873a9dc7defff8c161376c59844047cf117b64d35c1d46c708e6fa03e7b2f999233816892ea6bad62f09a81112247502cf611904709ba6
Static task: static1
Behavioral task: behavioral1
  Sample: 0x00070000000133e8-90.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 0x00070000000133e8-90.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: njrat
0.7d
HACKED... W2B
103.149.13.61:4545
f33599fc8954f4bf201159e017f34658
reg_key: f33599fc8954f4bf201159e017f34658
splitter: |'|'|
Targets
Target: 0x00070000000133e8-90.dat
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application