General
-
Target
bD15.exe
-
Size
36KB
-
Sample
220716-vnkcmadhhn
-
MD5
b73984062282fbe1c09bb14415159a39
-
SHA1
106709e5611ba9bfae948c55c8ba1bd3195bf4f5
-
SHA256
b873c4fa6ef7f4d56d1f347bd88468fed658fb77b948d50a6f1f719cbc4b781f
-
SHA512
8e905f8316adf5624b5ee33a73c736c4721c81e04107a7145e871c3430b35fdb6687edd4a82f9a6b464ccee3824de1dbac9ecb330418ec6fc6d5236f353a3629
Malware Config
Extracted
njrat
0.7d
HacKed
https://pastebin.com/raw/yJ5Z0rAF:5000
6a2634340fbf8a0a2c038c6263d49fd1
-
reg_key
6a2634340fbf8a0a2c038c6263d49fd1
-
splitter
|'|'|
Targets
-
-
Target
bD15.exe
-
Size
36KB
-
MD5
b73984062282fbe1c09bb14415159a39
-
SHA1
106709e5611ba9bfae948c55c8ba1bd3195bf4f5
-
SHA256
b873c4fa6ef7f4d56d1f347bd88468fed658fb77b948d50a6f1f719cbc4b781f
-
SHA512
8e905f8316adf5624b5ee33a73c736c4721c81e04107a7145e871c3430b35fdb6687edd4a82f9a6b464ccee3824de1dbac9ecb330418ec6fc6d5236f353a3629
Score10/10-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)
-
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)
-
Deletes itself
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-