General
-
Target
0CC7D034E9B01B5F02D0843E62C5CE0C79DC380FC3C12.exe
-
Size
355KB
-
Sample
211127-wpq28scgfk
-
MD5
23fb23c32c346850115102c7c51d59a0
-
SHA1
10d8d48501447675facadf07a656aaa9668cad5a
-
SHA256
0cc7d034e9b01b5f02d0843e62c5ce0c79dc380fc3c126be71c8ad31ab8acad6
-
SHA512
8b0bd3919f9d122b02e21e33569b391f2fecb015a3a766f3c551fb9a3d2c9f8d0a5273a79532295744a0038f519a31bd0be95bdf24f0f83ce605ff43c3496f1c
Malware Config
Extracted
njrat
im523
1
6.tcp.ngrok.io:14955
278143857c93c64cb35ca3ab3e71ff74
-
reg_key
278143857c93c64cb35ca3ab3e71ff74
-
splitter
|'|'|
Targets
-
-
Target
0CC7D034E9B01B5F02D0843E62C5CE0C79DC380FC3C12.exe
-
Size
355KB
-
MD5
23fb23c32c346850115102c7c51d59a0
-
SHA1
10d8d48501447675facadf07a656aaa9668cad5a
-
SHA256
0cc7d034e9b01b5f02d0843e62c5ce0c79dc380fc3c126be71c8ad31ab8acad6
-
SHA512
8b0bd3919f9d122b02e21e33569b391f2fecb015a3a766f3c551fb9a3d2c9f8d0a5273a79532295744a0038f519a31bd0be95bdf24f0f83ce605ff43c3496f1c
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-