General
-
Target
c0be73cb39b423805193433ad585f5b8.exe
-
Size
37KB
-
Sample
220704-pjba9sbbf7
-
MD5
c0be73cb39b423805193433ad585f5b8
-
SHA1
4993129df55612315d66530cf1c8f8d4a16b7fda
-
SHA256
de3eb03ecb262ac7d7e39fc1a746d03fe05586aaa8af9e9090fe6bbdd963094a
-
SHA512
38d9ddf70d56fa4c6c77097e7158ccf0672efa303e423712fc31417e9f6947d541ff0bc87387636801fe6fac8eda403ccf5a55e9ee20cea04bf32ca7ae921dfb
Behavioral task
behavioral1
Sample
c0be73cb39b423805193433ad585f5b8.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
5.tcp.eu.ngrok.io:14322
ea1a5a5888621f5dfaaef310d1d638c8
-
reg_key
ea1a5a5888621f5dfaaef310d1d638c8
-
splitter
|'|'|
Targets
-
Target
c0be73cb39b423805193433ad585f5b8.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-