General
-
Target
0x0008000000012699-64.dat
-
Size
37KB
-
Sample
220706-2hp49acbd4
-
MD5
333baef68bf06e2bff8c785f9120559d
-
SHA1
b605cc35ec178240b1150a81d73e58d1d9417bac
-
SHA256
4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4
-
SHA512
0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc
Behavioral task
behavioral1
Sample
0x0008000000012699-64.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
im523
HacKed
51.89.91.139:5050
5db0afc818875fbd9be3e842f2d3f24b
-
reg_key
5db0afc818875fbd9be3e842f2d3f24b
-
splitter
|'|'|
Targets
-
-
Target
0x0008000000012699-64.dat
-
Size
37KB
-
MD5
333baef68bf06e2bff8c785f9120559d
-
SHA1
b605cc35ec178240b1150a81d73e58d1d9417bac
-
SHA256
4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4
-
SHA512
0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-