General
-
Target
B513104971C9E0C5B6721A523C9475701A67BB368A74F.exe
-
Size
189KB
-
Sample
210914-1ggaaabdan
-
MD5
0e95218e1c1f7d8f18227ce0efc4a3b2
-
SHA1
e9e8ae35e32e47c33f557d2deddb9e837450576a
-
SHA256
b513104971c9e0c5b6721a523c9475701a67bb368a74f4b8254049569a8497fe
-
SHA512
fa29aa2c09ab377c9eced2658474f60d418c363a4c4e318a7ed155688f55d80452f79414d76a31f56ca69b42363037764ada15145c6297c361cb281b631c34eb
Malware Config
Extracted
njrat
0.7d
BackUp
dr-mesho.ddns.net:5552
ce4ef724bbf43aa4dc51f763b9cf5592
-
reg_key
ce4ef724bbf43aa4dc51f763b9cf5592
-
splitter
|'|'|
Targets
-
-
Target
B513104971C9E0C5B6721A523C9475701A67BB368A74F.exe
-
Size
189KB
-
MD5
0e95218e1c1f7d8f18227ce0efc4a3b2
-
SHA1
e9e8ae35e32e47c33f557d2deddb9e837450576a
-
SHA256
b513104971c9e0c5b6721a523c9475701a67bb368a74f4b8254049569a8497fe
-
SHA512
fa29aa2c09ab377c9eced2658474f60d418c363a4c4e318a7ed155688f55d80452f79414d76a31f56ca69b42363037764ada15145c6297c361cb281b631c34eb
Score10/10-
Modifies system executable filetype association
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-