General
Target: a670b52b8c4922d3b75d6b502193c15d.exe
Size: 22KB
Sample: 220723-lrl6ysdfa6
MD5: a670b52b8c4922d3b75d6b502193c15d
SHA1: ad4651567adb5bdfa4f32dd7387bd09268ec529d
SHA256: ebec4606c7bbe18209b90f8a9a1871f7ad54f46841d65f169491a9620b589605
SHA512: ebbba5b28f12ffa2e77b57e8836d956b629e8fce892b69130434ec090db42e15d6cbdec43042cb881c18bd7e999b3d38ff4096ed51e893983ecf28e8e2036238
Behavioral task: behavioral1
Sample: a670b52b8c4922d3b75d6b502193c15d.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: a670b52b8c4922d3b75d6b502193c15d.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
njrat
0.7d
NYAN CAT
2.tcp.ngrok.io:14404
b054605e4e2143d0a896023bc3764d3e
reg_key: b054605e4e2143d0a896023bc3764d3e
splitter: |'|'|
Targets
Score: 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application