General

  • Target

    Behinder_4.1.zip

  • Size

    129.4MB

  • MD5

    7b7230a3f9d87058f5f3168b16f5f77c

  • SHA1

    64d1ca418ef0e8d4d32647f852996b7d729e788d

  • SHA256

    eaefca8aa57b7feea0dbfc0d4e8b87b1f5cae429e6b6d49cda8d41815e24316e

  • SHA512

    834476c11e6d245c23fef3f25abdb9fedabe380a3832879cd017e141d80b41544fe5865f004fb68fc3a3b281ea124a7ec75f5f6f2a35476fb5edfb8f2d92055c

  • SSDEEP

    3145728:JR4/g3fHhLGI1r1jQ/Is7YqmU5AL2CB5EGgGdfdlf0DV:JRMsfRGwQ/IsYqz5McId7cp

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • Behinder_4.1.zip
    .zip

    Password: About_1234#

  • Nitsc_Behinder_v4.1/.DS_Store
  • Nitsc_Behinder_v4.1/Behinder.jar
    .jar
  • Nitsc_Behinder_v4.1/Plugins/CheckAlive/payload/payload.aspx
    .dll windows:4 windows x86 arch:x86

    Password: About_1234#

    dae02f32a21e03ce65412f6e56942daa


  • Nitsc_Behinder_v4.1/Plugins/CheckAlive/payload/payload.java
  • Nitsc_Behinder_v4.1/Plugins/CheckAlive/payload/payload.php
    .js
  • Nitsc_Behinder_v4.1/Plugins/HTTP助手/http.png
    .png

    Password: About_1234#

  • Nitsc_Behinder_v4.1/Plugins/HTTP助手/index.htm
    .html .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/JNDInjector/file/javassist-3.27.0-GA.jar
    .jar
  • Nitsc_Behinder_v4.1/Plugins/JNDInjector/file/unboundid-ldapsdk-6.0.3.jar
    .jar
  • Nitsc_Behinder_v4.1/Plugins/JNDInjector/index.htm
    .html .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/JNDInjector/jndinjector.png
    .png

    Password: About_1234#

  • Nitsc_Behinder_v4.1/Plugins/JNDInjector/payload/payload.java
    .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/SSH助手/file/jsch-0.1.55.jar
    .jar
  • Nitsc_Behinder_v4.1/Plugins/SSH助手/index.htm
    .html .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/SSH助手/payload/java.payload
  • Nitsc_Behinder_v4.1/Plugins/SSH助手/ssh.png
    .png

    Password: About_1234#

  • Nitsc_Behinder_v4.1/Plugins/ServiceScan/payload/payload.aspx
    .dll windows:4 windows x86 arch:x86

    Password: About_1234#

    dae02f32a21e03ce65412f6e56942daa


  • Nitsc_Behinder_v4.1/Plugins/ServiceScan/payload/payload.java
  • Nitsc_Behinder_v4.1/Plugins/ServiceScan/payload/payload.php
    .ps1
  • Nitsc_Behinder_v4.1/Plugins/SolrExploit/index.htm
    .html .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/SolrExploit/index.html
    .html .js polyglot
  • Nitsc_Behinder_v4.1/Plugins/SolrExploit/solr.png
    .png

    Password: About_1234#

  • Nitsc_Behinder_v4.1/Plugins/common-libs/bootstrap-combined.min.css
  • Nitsc_Behinder_v4.1/Plugins/common-libs/bootstrap.min.css
  • Nitsc_Behinder_v4.1/Plugins/common-libs/bootstrap.min.js
    .js
  • Nitsc_Behinder_v4.1/Plugins/common-libs/jquery-2.0.0.min.js
    .js
  • Nitsc_Behinder_v4.1/Plugins/common-libs/jquery-3.5.1.slim.min.js
    .js
  • Nitsc_Behinder_v4.1/Plugins/common-libs/layoutit.css
  • Nitsc_Behinder_v4.1/Plugins/common-libs/new/bootstrap.bundle.min.js
    .js
  • Nitsc_Behinder_v4.1/Plugins/common-libs/new/bootstrap.min.css
  • Nitsc_Behinder_v4.1/Plugins/common-libs/new/jquery.slim.min.js
    .js
  • Nitsc_Behinder_v4.1/data.db
    .js
  • Nitsc_Behinder_v4.1/server/shell.ashx
  • Nitsc_Behinder_v4.1/server/shell.asp
  • Nitsc_Behinder_v4.1/server/shell.aspx
    .asp
  • Nitsc_Behinder_v4.1/server/shell.jsp
    .asp
  • Nitsc_Behinder_v4.1/server/shell.jspx
  • Nitsc_Behinder_v4.1/server/shell.php
  • Nitsc_Behinder_v4.1/server/shell_java9.jsp
    .asp
  • Nitsc_Behinder_v4.1/server/shell_uni.jsp
    .asp
  • Nitsc_Behinder_v4.1/更新日志.txt
  • __MACOSX/._Nitsc_Behinder_v4.1
  • __MACOSX/Nitsc_Behinder_v4.1/._.DS_Store