General
Target: 63FDA206CFC0EE18A9308E7CF74EC195A03A1E725D9CF.exe
Size: 37KB
Sample: 220722-a4l6yabdb2
MD5: 17a414b6b3825356ce46897df564840d
SHA1: e9ee79764d9adb1a047e23e76d7a2bb9b2810cd2
SHA256: 63fda206cfc0ee18a9308e7cf74ec195a03a1e725d9cfb050007230c21a44dc3
SHA512: 1f65b9eebd1fbe45cb3436c12e7f6ba9e9b1fe827be002783f75276c41257ba176904b1111f63f507709a55925dabeb2a8b12319382e0a27c17d5aac3d852558
Behavioral task
behavioral1
Sample: 63FDA206CFC0EE18A9308E7CF74EC195A03A1E725D9CF.exe
Resource: win7-20220718-en
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:14219
82cc0b2a45ca9c5b762809864832a201
reg_key: 82cc0b2a45ca9c5b762809864832a201
splitter: |'|'|
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-