General
Target: 0x0007000000005c51-56.dat
Size: 26KB
Sample: 220704-ppt1kahccr
MD5: 24bf1ae1d62be5e1283fc4ddc9110dd9
SHA1: 7b60b080982e77eb4565dce877236297280fcf36
SHA256: 55cc06f563e305e118f8d9d6307e88de5f802cd36f6bdf394e17b95bf852bd69
SHA512: b0b1228c90ac6f795c3ee641c94045023cfc8fea0dba82c37c382cc91376c3b03ca0900c82881d9c8d99363a4fdeca4e8bc758c47730444195d0c52703bef391
Behavioral task: behavioral1
Sample: 0x0007000000005c51-56.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0x0007000000005c51-56.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
v2.0
System
2.tcp.ngrok.io:13817
Windows
reg_key: Windows
splitter: |-F-|
Targets
Target: 0x0007000000005c51-56.dat
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application