Re: Win32/Bladabindi (NJ RAT)

Posted: Mon Feb 10, 2014 9:46 pm
by patriq
Not sure if this is Bladabindi, but some vendors detect it as such. They appear to be coded in Visual Basic.

Found via Citadel C&C running script to download this:

hxxp://cm8899.com/twe/download/black/winsys.exe
https://malwr.com/analysis/ZjYyMGJlOGE3 ... FhOWEzYTE/

There were 2 more samples on this server too.

1f6aa01a3ca401cfa6178d54a988cdd9
https://malwr.com/analysis/MjZkYTY0MWNl ... M1ZmE1MjY/

strings:

C:\Users\DEJOUI\Desktop\TuniLoad Botnet v.1 Source\Original Stub\Stub\Stub\obj\Release\stub.pdb
Anyone seen this "TuniLoad Botnet v.1" or a panel for it?
The only thing in Google is the malwr.com analysis I just submitted.

262c2bb45b5b5790b3890eb7d2e716ed
https://malwr.com/analysis/YTZhNDg2MzY1 ... I4ZWMxNjg/

Attached.

Re: Win32/Bladabindi (NJ RAT)

Posted: Wed Feb 12, 2014 6:01 pm
by korn36
njRat client, used for controlling the infected machines: https://hostr.co/m8v3A4GzWerB

Re: Win32/Bladabindi (NJ RAT)

Posted: Mon Jun 30, 2014 8:34 pm
by Xylitol
Microsoft sinkholed no-ip.biz/no-ip.org >> http://whois.domaintools.com/no-ip.biz
Microsoft takes on global cybercrime epidemic in tenth malware disruption ~ http://blogs.technet.com/b/microsoft_bl ... ption.aspx
lawsuit ~ http://www.noticeoflawsuit.com/
No-IP’s Formal Statement on Microsoft Takedown ~ https://www.noip.com/blog/2014/06/30/ip ... -takedown/

Re: Malware collection

Posted: Sun Dec 25, 2016 7:59 pm
by ikolor

Re: Malware collection

Posted: Thu Dec 29, 2016 6:20 pm
by EP_X0FF
nj rat, posts moved.

Re: Malware collection

Posted: Sat Feb 03, 2018 5:13 pm
by Fedor22
Steam Keys Generator (Backdoor:MSIL/Bladabindi)
Contains the "JavaUpdate" fake copyright. After the key is generated, changes the autorun value in the registry ("AppData/Roaming/WindowsService.exe", in the registry, "HKEY_CURRENT_USER" and "HKEY_LOCAL_MACHINE").
Trying to connect to the site: hxxp://gutin123.duckdns.org
VT: https://www.virustotal.com/en/file/4343 ... /analysis/

Re: Malware collection

Posted: Sun Mar 25, 2018 11:12 pm
by markusg
SHA-256
9af45575893cc12a2f92165f2f3805e7bdf6206fc1ae3adb2d0a7a3034a35fbc
File name
Fast Instagram Checker.exe
https://www.virustotal.com/#/file/9af45 ... /detection

Re: Malware collection

Posted: Mon Mar 26, 2018 9:43 am
by alio0
markusg wrote:
Sun Mar 25, 2018 11:12 pm
SHA-256
9af45575893cc12a2f92165f2f3805e7bdf6206fc1ae3adb2d0a7a3034a35fbc
File name
Fast Instagram Checker.exe
https://www.virustotal.com/#/file/9af45 ... /detection
It is njrat (Win32.Bladabindi).
Connects to: system123.linkpc.net