General
- Target: Client.exe
- Size: 157KB
- Sample: 210904-rhlrqahddq
- MD5: 56bc3f630c9f0b284185cf952c2dc736
- SHA1: eb6c702c2a2c48221a0eed0baacfe931c34e1757
- SHA256: 896063f7d965ebf60d36b28c47135e010e212bc9955e7dfdfba4f085744ba47a
- SHA512: b37dc8750f01a3e55e392d7d5591147b010c6b0971874aad074ee0144da4fcda5ff58590a432c9777fd9fb5f78a2ca279fcbf5806598603e9ab0e0a5db601caf
Static task
static1
Malware Config
Targets
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- Modifies Windows Firewall
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext