General
-
Target
Payloads.js
-
Size
58KB
-
Sample
220627-dwyfsaagd7
-
MD5
94c08ba8dc8fa3697207c53665c1ddb3
-
SHA1
1af6156240c60e2b39269e3649b2a30f981e75b9
-
SHA256
40de3b364abfeae905e92cd564381d46a80c386c6011e37ce95df860abb572eb
-
SHA512
11e1a9c810ed146a09aa79ee3d500af4a24d1c2432d5e3b62e125738bf0737dcc110c6926224850e5436b6af6a95ce25b4f8b4de4070f1e53d12a0fbc616dedf
Malware Config
Extracted
njrat
0.7d
HACKED JFK
103.149.13.61:4545
782e4e93b9158d4d448232ed139fc0db
-
reg_key
782e4e93b9158d4d448232ed139fc0db
-
splitter
|'|'|
Targets
-
-
Target
Payloads.js
-
Size
58KB
-
MD5
94c08ba8dc8fa3697207c53665c1ddb3
-
SHA1
1af6156240c60e2b39269e3649b2a30f981e75b9
-
SHA256
40de3b364abfeae905e92cd564381d46a80c386c6011e37ce95df860abb572eb
-
SHA512
11e1a9c810ed146a09aa79ee3d500af4a24d1c2432d5e3b62e125738bf0737dcc110c6926224850e5436b6af6a95ce25b4f8b4de4070f1e53d12a0fbc616dedf
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-