General
Target: 534B9BC8809AE37A2BEADA5B9D868BDA1C17C32BE812E.exe
Size: 355KB
Sample: 211127-xhgqnachfp
MD5: 42c690607f11ff38887673a9cb86f1c9
SHA1: a7fcd7c5082cb6a8c96997cba1d050d808294fcb
SHA256: 534b9bc8809ae37a2beada5b9d868bda1c17c32be812ec3b30de2ad2382014a0
SHA512: 71cef63a004765358e8f98328f4b23d209f05cfe653ea8da3d0fe40cfc972e323258ec822185850373fc4d95b3288fbd325f9dd1642a4382101160cb0a87543d
Static task: static1
Behavioral task: behavioral1
Sample: 534B9BC8809AE37A2BEADA5B9D868BDA1C17C32BE812E.exe
Resource: win7-en-20211104
Malware Config
Extracted
njrat
im523
1
4.tcp.ngrok.io:11271
4e889e7da72189e24bc725ec5f51224f
reg_key: 4e889e7da72189e24bc725ec5f51224f
splitter: |'|'|
Targets
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Creates new service(s)
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
Stops running service(s)
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.