General
-
Target
VPekxMtU.exe
-
Size
23KB
-
Sample
201225-2ygwzbe6fn
-
MD5
f0648c9a052f6709a419fcb293edfd51
-
SHA1
4c06fd1436794ccb4852cd086bc21c54c5ec53b0
-
SHA256
637c5a6da12669b77450722407c7b63a057e10b5b4f43e6b2ae5a833e9b721e4
-
SHA512
d856d260bc9a041674fc1b041204b53b8f48d30b56ed7450a6a1a0d6a07352a002192d60ce42a08f506f57fab6390f000974f36133ae4d323e436e6b92f132bd
Malware Config
Extracted
njrat
0.7d
HacKed
nonspam.hopto.org:1177
d190b0faf733c7f5258ca76c3c3a2eb6
-
reg_key
d190b0faf733c7f5258ca76c3c3a2eb6
-
splitter
|'|'|
Targets
-
-
Target
VPekxMtU.exe
-
Size
23KB
-
MD5
f0648c9a052f6709a419fcb293edfd51
-
SHA1
4c06fd1436794ccb4852cd086bc21c54c5ec53b0
-
SHA256
637c5a6da12669b77450722407c7b63a057e10b5b4f43e6b2ae5a833e9b721e4
-
SHA512
d856d260bc9a041674fc1b041204b53b8f48d30b56ed7450a6a1a0d6a07352a002192d60ce42a08f506f57fab6390f000974f36133ae4d323e436e6b92f132bd
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-