General
-
Target
Invoice #09747583900.exe
-
Size
635KB
-
Sample
210911-vj78wsefaq
-
MD5
027ed8a97dd1dd28cc73c9edf4ec89ab
-
SHA1
131efcf3ee4e6f0629027066ab002355c2f20a00
-
SHA256
81f7a0f726f4001c9e4e7d67ba9ab6c3f45139887dabe78f6e3d04dd2b0557e2
-
SHA512
0c6b3606b56fe7662895783a1512ca62290697049230433ca645e953218bce1311e5dd970dbb30b0a575ef1e0398e5874d602c9f6313f64e2b245a02ff55d497
Malware Config
Extracted
njrat
v4.0
AhKey_000_Sat
cdanger492.duckdns.org:4480
Windows
-
reg_key
Windows
-
splitter
|-F-|
Targets
-
-
Target
Invoice #09747583900.exe
-
Size
635KB
-
MD5
027ed8a97dd1dd28cc73c9edf4ec89ab
-
SHA1
131efcf3ee4e6f0629027066ab002355c2f20a00
-
SHA256
81f7a0f726f4001c9e4e7d67ba9ab6c3f45139887dabe78f6e3d04dd2b0557e2
-
SHA512
0c6b3606b56fe7662895783a1512ca62290697049230433ca645e953218bce1311e5dd970dbb30b0a575ef1e0398e5874d602c9f6313f64e2b245a02ff55d497
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Drops startup file
-
Suspicious use of SetThreadContext
-