General
-
Target
0648873dd8d00b2eca5eaa5680f7a5b6.exe
-
Size
4.9MB
-
Sample
220706-2ec1hshggp
-
MD5
0648873dd8d00b2eca5eaa5680f7a5b6
-
SHA1
fada8b49ca5b898c9e31bc87f2b37a267599d406
-
SHA256
0f6084e2d90e3429b34cc2950ca31fde03ffcceb0b1470935e89116d9ed04e1f
-
SHA512
88fd72593cb94da497bf5ed7b9e4f35cfac74e9e5280d8d9f0708c6867518c4f0444ab0426ba8f94f86ffbcc3263b83cd6ce436d094bd82ec5e5bc8e4a5908d0
Static task
static1
Behavioral task
behavioral1
Sample
0648873dd8d00b2eca5eaa5680f7a5b6.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
51.89.91.139:5050
5db0afc818875fbd9be3e842f2d3f24b
-
reg_key
5db0afc818875fbd9be3e842f2d3f24b
-
splitter
|'|'|
Targets
-
-
Target
0648873dd8d00b2eca5eaa5680f7a5b6.exe
-
Size
4.9MB
-
MD5
0648873dd8d00b2eca5eaa5680f7a5b6
-
SHA1
fada8b49ca5b898c9e31bc87f2b37a267599d406
-
SHA256
0f6084e2d90e3429b34cc2950ca31fde03ffcceb0b1470935e89116d9ed04e1f
-
SHA512
88fd72593cb94da497bf5ed7b9e4f35cfac74e9e5280d8d9f0708c6867518c4f0444ab0426ba8f94f86ffbcc3263b83cd6ce436d094bd82ec5e5bc8e4a5908d0
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-