Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-01-2025 03:44
General
-
Target
f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352.exe
-
Size
37KB
-
MD5
fdf0546d58297a6e51596876a12239b8
-
SHA1
e3a107f3f5a3d42548a1be0e8a23fc24206f70e5
-
SHA256
f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352
-
SHA512
56ab06704bb457c332afb7ea0703c826c1bf94dcc83912d8478d9b81d67e7e3eaffe25ba8883df39fb9ee3c0b0644b87cd0970274a6fc1717fa620af9e9deac7
-
SSDEEP
768:pulv2NWtkr+kJruz5irrM+rMRa8Nujp8t:kluNWiqk1u80+gRJNq
Malware Config
Extracted
njrat
im523
ktx
kartoxamc.ga:4726
9bce47647dc8a6718dc5325121b298da
-
reg_key
9bce47647dc8a6718dc5325121b298da
-
splitter
|'|'|
Signatures
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 7 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352.exe"C:\Users\Admin\AppData\Local\Temp\f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\microsp2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\microsp"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD5fdf0546d58297a6e51596876a12239b8
SHA1e3a107f3f5a3d42548a1be0e8a23fc24206f70e5
SHA256f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352
SHA51256ab06704bb457c332afb7ea0703c826c1bf94dcc83912d8478d9b81d67e7e3eaffe25ba8883df39fb9ee3c0b0644b87cd0970274a6fc1717fa620af9e9deac7
-
Filesize
3KB
MD52154711eaec971049646fb9e074451ea
SHA1b67e87b3ef15f27eb4f3ae04c1db70ef73ae5b2d
SHA2565f6706567069641649e8fc98f3cc3e0b94c82bb2853a5c2a1cca5f9a2c027758
SHA512c7c2c507cc126da79a8e40da467ad6fac6a3a8fb7f6d7cb75bd30ab80f956830954436f45586dfe4bb489b64210e1ff015f3537814033c358e0d4ae3e0d80cff
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB