General
-
Target
Cheque.js
-
Size
70KB
-
Sample
220616-clnyxsfcar
-
MD5
014b70904cf3099e1437403387529b54
-
SHA1
930859383b24df5f0321096819f5eb96a97755e9
-
SHA256
bbea6ebf291353c5454e9d7890175e419d6daea230704d73e5feb29f0cb7fe71
-
SHA512
566b238574e35a65fa9ba86f5708e6847c5576ccee0a5b1dc47404fdb24c70bf8c87a159be5145d988195b518ca7b85dfd5464e779939b9901f5f02c46c1b689
Malware Config
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
-
reg_key
72f64d4ec723544c65ffca1cd7ba4ee6
-
splitter
|'|'|
Targets
-
-
Target
Cheque.js
-
Size
70KB
-
MD5
014b70904cf3099e1437403387529b54
-
SHA1
930859383b24df5f0321096819f5eb96a97755e9
-
SHA256
bbea6ebf291353c5454e9d7890175e419d6daea230704d73e5feb29f0cb7fe71
-
SHA512
566b238574e35a65fa9ba86f5708e6847c5576ccee0a5b1dc47404fdb24c70bf8c87a159be5145d988195b518ca7b85dfd5464e779939b9901f5f02c46c1b689
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-