General
-
Target
844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd
-
Size
42KB
-
Sample
220114-t1985shbg4
-
MD5
cc2f5f3dfe758d7d8621a7435a3f9b79
-
SHA1
b6745fa897f2d7e2791b3f4014eaf05e08eac100
-
SHA256
844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd
-
SHA512
c251250372928d0f0d2198d772c939c8a3b5a5ea5127ca7539a2c0ca728f81965ccda49f05d076a457019b9646eafa3b468fff9b86c7c158cff80b6012e02e13
Malware Config
Extracted
njrat
im523
Furios
gghosting221.ddns.net:6202
a618146538b273f7953a53ea719ce06d
-
reg_key
a618146538b273f7953a53ea719ce06d
-
splitter
|'|'|
Targets
-
-
Target
844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd
-
Size
42KB
-
MD5
cc2f5f3dfe758d7d8621a7435a3f9b79
-
SHA1
b6745fa897f2d7e2791b3f4014eaf05e08eac100
-
SHA256
844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd
-
SHA512
c251250372928d0f0d2198d772c939c8a3b5a5ea5127ca7539a2c0ca728f81965ccda49f05d076a457019b9646eafa3b468fff9b86c7c158cff80b6012e02e13
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-