General
-
Target
ee0385983682322efe022225fb874aca.exe
-
Size
37KB
-
Sample
211030-ya81lscaen
-
MD5
ee0385983682322efe022225fb874aca
-
SHA1
e234165631472c98a62107356a2b55a8e9f8b5a1
-
SHA256
5fa5bb5bf065b701ecbbbd704e302ca70eff2912cee39fd86f2b732372eb44f3
-
SHA512
b72cf0802d84874b1a8101793694a25051ef8460383d73a02552fe4e945517f7c40b7654fcc7b864985bd49d3b1a5e33792625c6483e7e3be6dfe9b909a424c9
Behavioral task
behavioral1
Sample
ee0385983682322efe022225fb874aca.exe
Resource
win7-en-20211014
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.ngrok.io:12516
004af031f7d2d163aaa3cb0e51c1f6fe
-
reg_key
004af031f7d2d163aaa3cb0e51c1f6fe
-
splitter
|'|'|
Targets
-
-
Target
ee0385983682322efe022225fb874aca.exe
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-