General
Target: 8D09712C6F3ED0173113B57D0835B1B7D32F2EE008143.exe
Size: 22.1MB
Sample: 211008-nfzzsaeafr
MD5: c8b74e3eb7f08d7f22a5979b6035db99
SHA1: 9a240b60ed6fa9593b3581a98a97d73e9bcf313d
SHA256: 8d09712c6f3ed0173113b57d0835b1b7d32f2ee008143a6bdec9390aee412c57
SHA512: e54bced3674f53ba056ae35284777241a48b62948ae116cdedbdf4136b4fbe27460956854718e8160fadd36509817e11ada10bd56927e4b83f41af5411a074c1
Static task: static1
Behavioral task: behavioral1
Sample: 8D09712C6F3ED0173113B57D0835B1B7D32F2EE008143.exe
Resource: win7v20210408
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: MNC7.6
C2: ddnsrtm.ddns.net:5552
Mutex: f32485db280ee39a17bf49b4a2d24db6
Attributes
reg_key: f32485db280ee39a17bf49b4a2d24db6
splitter: |'|'|
Targets
Target: 8D09712C6F3ED0173113B57D0835B1B7D32F2EE008143.exe (size and hashes as listed under General)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application