General
Target: bNkn.exe
Size: 23KB
Sample: 230605-fsjvbseh76
MD5: 18f1c4c76bfa3e98a97628f741361a50
SHA1: b996ca964b34339725b02abfc9b6b0fcbe5628d8
SHA256: 53924ec04fd027a17ceec00ef3d0e77637a8c372b2ee1b6095bf1ee4cf288fc4
SHA512: 0da74271f186591c338db5b301deff1f7b15f3373ec725d67dcb1dc0ce1ee36d75ef12002d430980ff1001b0a0457149388c31591dabef33917f3de893035637
SSDEEP: 384:xhc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZXd:xTe9EJLN/yRpcnua
Behavioral task: behavioral1
Sample: bNkn.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: bNkn.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
njrat
0.7d
soldier
0.tcp.sa.ngrok.io:18145
8281218078858e75d74a07bde6e8bc62
reg_key: 8281218078858e75d74a07bde6e8bc62
splitter: |'|'|
Targets
Target: bNkn.exe
Size: 23KB
Score: 8/10
Modifies Windows Firewall
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2