Win32/Bladabindi (NJ RAT)

patriq
Posts: 108
Joined: Fri Jun 28, 2013 8:11 pm

Re: Win32/Bladabindi (NJ RAT)

Post by patriq » Mon Feb 10, 2014 9:46 pm

Not sure if this is Bladabindi, but some vendors detect it as such. They appear to be coded in Visual Basic.

Found via Citadel C&C running script to download this:

hxxp://cm8899.com/twe/download/black/winsys.exe
https://malwr.com/analysis/ZjYyMGJlOGE3 ... FhOWEzYTE/

There were 2 more samples on this server too.

1f6aa01a3ca401cfa6178d54a988cdd9
https://malwr.com/analysis/MjZkYTY0MWNl ... M1ZmE1MjY/

strings:

C:\Users\DEJOUI\Desktop\TuniLoad Botnet v.1 Source\Original Stub\Stub\Stub\obj\Release\stub.pdb

Anyone seen this "TuniLoad Botnet v.1" or a panel for it?
The only thing in Google is the malwr.com analysis I just submitted.

262c2bb45b5b5790b3890eb7d2e716ed
https://malwr.com/analysis/YTZhNDg2MzY1 ... I4ZWMxNjg/

Attached.

korn36
Posts: 4
Joined: Thu Jun 27, 2013 1:39 pm

Re: Win32/Bladabindi (NJ RAT)

Post by korn36 » Wed Feb 12, 2014 6:01 pm

njRat client, used for controlling the infected machines: https://hostr.co/m8v3A4GzWerB

Xylitol
Global Moderator
Posts: 1665
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Win32/Bladabindi (NJ RAT)

Post by Xylitol » Mon Jun 30, 2014 8:34 pm

Microsoft sinkholed no-ip.biz/no-ip.org >> http://whois.domaintools.com/no-ip.biz
Microsoft takes on global cybercrime epidemic in tenth malware disruption ~ http://blogs.technet.com/b/microsoft_bl ... ption.aspx
lawsuit ~ http://www.noticeoflawsuit.com/
No-IP’s Formal Statement on Microsoft Takedown ~ https://www.noip.com/blog/2014/06/30/ip ... -takedown/

ikolor
Posts: 293
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Sun Dec 25, 2016 7:59 pm


EP_X0FF
Global Moderator
Posts: 4792
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Malware collection

Post by EP_X0FF » Thu Dec 29, 2016 6:20 pm

nj rat, posts moved.
Ring0 - the source of inspiration

markusg
Posts: 730
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Sun Mar 25, 2018 11:12 pm

SHA-256
9af45575893cc12a2f92165f2f3805e7bdf6206fc1ae3adb2d0a7a3034a35fbc
File name
Fast Instagram Checker.exe
https://www.virustotal.com/#/file/9af45 ... /detection

alio0
Posts: 2
Joined: Sat Jan 07, 2017 10:00 am

Re: Malware collection

Post by alio0 » Mon Mar 26, 2018 9:43 am

markusg wrote:
Sun Mar 25, 2018 11:12 pm
SHA-256
9af45575893cc12a2f92165f2f3805e7bdf6206fc1ae3adb2d0a7a3034a35fbc
File name
Fast Instagram Checker.exe
https://www.virustotal.com/#/file/9af45 ... /detection

It is njrat (Win32.Bladabindi).
Connects to: system123.linkpc.net
