General
Target: IAENMAIL-A4-220222-0830-0005036_pdf.exe
Size: 434KB
Sample: 220630-l1n2xaaabq
MD5: 06e90589f099b727eec8a57c4e615829
SHA1: 177e2f01523e21cc04d706612c77b46777f94385
SHA256: f7ce2f6751da145abff4415992bfe92c64aec5e0156aca5c3def5e37806fce23
SHA512: 14b13432019a55df4500c114930e6d9802fd19f3db68de98fa2f600196ccc639b2431b2f8c855b537c226dc7e2e00269f5c8260a0b1e3ec67f71331a0bd4b321
Static task: static1
Behavioral task: behavioral1
  Sample: IAENMAIL-A4-220222-0830-0005036_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: IAENMAIL-A4-220222-0830-0005036_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: njrat
Version: v4.0
Botnet: HacKed
C2: 104.255.168.159:5200
Mutex: Windows
Attributes:
  reg_key: Windows
  splitter: |-F-|
Targets
Target: IAENMAIL-A4-220222-0830-0005036_pdf.exe
Size: 434KB
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Signatures
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext