General
Target: 0x0009000000014aef-55.dat
Size: 37KB
Sample: 220714-1rb4baecd3
MD5: 36e59be3c751683fc142c0ebd8d6a71d
SHA1: 1e9632a2173588f606e6a354cdcbeddc91ab2c78
SHA256: 3611560138463ba5b2438d8691410a642875230b8db788751826a7b495371e4c
SHA512: e20d3f2c0ad628aa137c7dfde3d77ae09628f725af5f590dd4ff052a65975e7f0aa5fa5cbfb417ce57f0d34a36dccac3333885e2f91125946f8a29db27316eeb
Behavioral task: behavioral1
Sample: 0x0009000000014aef-55.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 0x0009000000014aef-55.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
njrat
im523
gay
4.tcp.eu.ngrok.io:10296
f61a5d905ecbb8c8be462972af515144
reg_key: f61a5d905ecbb8c8be462972af515144
splitter: |'|'|
Targets
Target: 0x0009000000014aef-55.dat
Size: 37KB
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.