General
-
Target
c01241da9a4a4df62da605fa0a43f6c2.exe
-
Size
37KB
-
Sample
220107-3pesjadbbp
-
MD5
c01241da9a4a4df62da605fa0a43f6c2
-
SHA1
81db6c7ef0820e926b8c7f336e27f8ae3129995d
-
SHA256
4508d96492ef503a79ad969ea885b9b3574158e64fc3d13a41e7ebef007286ed
-
SHA512
b201b63fad95726ab14172784e3382ad7aee4ff70982845d8638cf3627f14491d83c21d99775433cdab120da24dc8306d70c19f966f5e16dbc7dbe11f9611a10
Malware Config
Extracted
njrat
im523
HacKed
6.tcp.ngrok.io:11947
d4a936dfd494d5f7b5e01de781d9fe51
-
reg_key
d4a936dfd494d5f7b5e01de781d9fe51
-
splitter
|'|'|
Targets
-
-
Target
c01241da9a4a4df62da605fa0a43f6c2.exe
-
Size
37KB
-
MD5
c01241da9a4a4df62da605fa0a43f6c2
-
SHA1
81db6c7ef0820e926b8c7f336e27f8ae3129995d
-
SHA256
4508d96492ef503a79ad969ea885b9b3574158e64fc3d13a41e7ebef007286ed
-
SHA512
b201b63fad95726ab14172784e3382ad7aee4ff70982845d8638cf3627f14491d83c21d99775433cdab120da24dc8306d70c19f966f5e16dbc7dbe11f9611a10
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-