General
-
Target
6a6b2af0716cb8308dddae55dd325253.bin
-
Size
1.4MB
-
Sample
220628-fvj8wafcdn
-
MD5
6a6b2af0716cb8308dddae55dd325253
-
SHA1
691556a82280d270bd0f763f1213b43c6c4c0b6d
-
SHA256
2cb6acd25b8d00468dd89658dc948836f92000e031085b6b3c798eb1504157df
-
SHA512
e517c7070e4c20eb16acc1dfa98c016a01a9fc66b1944c30e5270d3e616770804553140ff5b3b35c49c659b39e59cf999dc8fa5c00e9520bd57e6c9872d83f11
Static task
static1
Behavioral task
behavioral1
Sample
6a6b2af0716cb8308dddae55dd325253.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
4Mekey.myftp.biz:2411
18951a269d7
-
reg_key
18951a269d7
-
splitter
@!#&^%$
Targets
-
Target
6a6b2af0716cb8308dddae55dd325253.bin
-
Size
1.4MB
-
MD5
6a6b2af0716cb8308dddae55dd325253
-
SHA1
691556a82280d270bd0f763f1213b43c6c4c0b6d
-
SHA256
2cb6acd25b8d00468dd89658dc948836f92000e031085b6b3c798eb1504157df
-
SHA512
e517c7070e4c20eb16acc1dfa98c016a01a9fc66b1944c30e5270d3e616770804553140ff5b3b35c49c659b39e59cf999dc8fa5c00e9520bd57e6c9872d83f11
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-