General
-
Target
17ee154b3d04c53bbdf031a402f397fa.exe
-
Size
37KB
-
Sample
220705-vjh9rsdab7
-
MD5
17ee154b3d04c53bbdf031a402f397fa
-
SHA1
341464598425770b28dea2e2b12b37d5acdd1a3c
-
SHA256
458e39cbdb8897ef84eb561fddc9ee30bc268d178f0d23ddb6e50ee8d5874ff4
-
SHA512
1e9707e7690d596ae8508c6b94d0664f94545bc71fc165ade2436a57ab432d8503ceda9e41593d0887a6c271ea601432fc33811d086614e3f78914f543bd1e32
Behavioral task
behavioral1
Sample
17ee154b3d04c53bbdf031a402f397fa.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.eu.ngrok.io:10384
64b35530e341dedfbed98e420e33ffdf
-
reg_key
64b35530e341dedfbed98e420e33ffdf
-
splitter
|'|'|
Targets
Target
17ee154b3d04c53bbdf031a402f397fa.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-