General
-
Target
a23360923a178f5fa03aa6bc07af76ee.exe
-
Size
37KB
-
Sample
211008-fvvdvaddhn
-
MD5
a23360923a178f5fa03aa6bc07af76ee
-
SHA1
55627fa47a75643c3072389be3dadf4b3346284d
-
SHA256
6daefc6f282bc92111eca7dd24c20c236b209bd1d14d6290ac543c707d60df32
-
SHA512
3d377b57f5b367e84223faff8225cab8083d2612e727ebe555df0eda8fabbdb8123e67ea421f7c04ed516af8a3a8d80e948e6f77ba9bf5cae4d8a1d8be19cf70
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.ngrok.io:17560
e2aebaa00665f100e890d032411c733f
-
reg_key
e2aebaa00665f100e890d032411c733f
-
splitter
|'|'|
Targets
-
-
Target
a23360923a178f5fa03aa6bc07af76ee.exe
-
Size
37KB
-
MD5
a23360923a178f5fa03aa6bc07af76ee
-
SHA1
55627fa47a75643c3072389be3dadf4b3346284d
-
SHA256
6daefc6f282bc92111eca7dd24c20c236b209bd1d14d6290ac543c707d60df32
-
SHA512
3d377b57f5b367e84223faff8225cab8083d2612e727ebe555df0eda8fabbdb8123e67ea421f7c04ed516af8a3a8d80e948e6f77ba9bf5cae4d8a1d8be19cf70
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-