General
-
Target
sibmne.bin
-
Size
31KB
-
Sample
220706-fxl59abba2
-
MD5
b92b3115473d465d03d54ed3a2a7defa
-
SHA1
6e11bb60d8c01aa6032e927acdcec335b2181007
-
SHA256
d4ffb7e8cefcf9db3e3a8771b05ee02c4f6235a8c13677217a8a49e5cf2dc8bd
-
SHA512
be339251a191bad40a2f7a7e013b717dae439ffa0d9328da5d0fb44ce7659e390fa943b61fceb20ad6bb7e3ee349e4a35f29e548c3b23d96024fdeb4822f6aef
Behavioral task
behavioral1
Sample
sibmne.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sibmne.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
njrat
0.7d
MyBot32
4.tcp.eu.ngrok.io:4542
60ba8fa2947818e6663b2c1251a2ccd2
-
reg_key
60ba8fa2947818e6663b2c1251a2ccd2
-
splitter
Y262SUCZ4UJJ
Targets
-
Target
sibmne.bin
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-