General
-
Target
sYCuOOjDOlvjstub.js
-
Size
29KB
-
Sample
220616-n71emaefhq
-
MD5
dac9ed798f79a40ef59756c710f61593
-
SHA1
199bfa38a09181e9396cef4d3b29b0762c5ba987
-
SHA256
94036cd95dde4d8ec66e76a24755a15ac474c64b12e74ec87d29ff9b8a889160
-
SHA512
ec5119052e545e0246234b51777bc3a1a3a64ea0c9a3eab98b948896235bd5a49eca1616788636dc09ddd8328382f00b03e5c39139972cff2198667baf5bbcef
Malware Config
Extracted
vjw0rm
http://104.168.7.110:7974
Extracted
njrat
0.7d
HacKed By MustyMoney
104.168.7.110:5552
72f64d4ec723544c65ffca1cd7ba4ee6
-
reg_key
72f64d4ec723544c65ffca1cd7ba4ee6
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed By MusteMonee
104.168.7.110:5552
eca56299e0fd252052e571b07f78b218
-
reg_key
eca56299e0fd252052e571b07f78b218
-
splitter
|'|'|
Targets
-
-
Target
sYCuOOjDOlvjstub.js
-
Size
29KB
-
MD5
dac9ed798f79a40ef59756c710f61593
-
SHA1
199bfa38a09181e9396cef4d3b29b0762c5ba987
-
SHA256
94036cd95dde4d8ec66e76a24755a15ac474c64b12e74ec87d29ff9b8a889160
-
SHA512
ec5119052e545e0246234b51777bc3a1a3a64ea0c9a3eab98b948896235bd5a49eca1616788636dc09ddd8328382f00b03e5c39139972cff2198667baf5bbcef
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-