12.2.fullview.exe.46a7ead.7.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
12.2.fullview.exe.46a7ead.7.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.46a7ead.7.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
12.2.fullview.exe.46a7ead.7.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
12.2.fullview.exe.46a7ead.7.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
12.2.fullview.exe.46a7ead.7.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.46a7ead.7.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
12.2.fullview.exe.46a7ead.7.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
12.2.fullview.exe.351dc45.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
12.2.fullview.exe.351dc45.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.351dc45.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
12.2.fullview.exe.351dc45.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.36e488d.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
17.2.svchost.exe.36e488d.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.36e488d.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
17.2.svchost.exe.36e488d.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.3c47ead.7.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.2e2916d.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
4.2.fullview.exe.2e2916d.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.2e2916d.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
4.2.fullview.exe.2e2916d.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.2c4edb9.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
13.2.fullview.exe.2c4edb9.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.2c4edb9.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
13.2.fullview.exe.2c4edb9.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.3de7ead.7.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
13.2.fullview.exe.3de7ead.7.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.3de7ead.7.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
13.2.fullview.exe.3de7ead.7.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.2c62b08.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.2c62b08.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
13.2.fullview.exe.2c62b08.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ac84f0.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.4877ead.7.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
17.2.svchost.exe.4877ead.7.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.4877ead.7.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
17.2.svchost.exe.4877ead.7.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.3fb7ead.7.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
4.2.fullview.exe.3fb7ead.7.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.3fb7ead.7.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
4.2.fullview.exe.3fb7ead.7.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.2e3cebc.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.2e3cebc.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
4.2.fullview.exe.2e3cebc.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.3de7ead.7.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
13.2.fullview.exe.3de7ead.7.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.3de7ead.7.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
13.2.fullview.exe.3de7ead.7.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.3fb7ead.7.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
4.2.fullview.exe.3fb7ead.7.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.3fb7ead.7.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
4.2.fullview.exe.3fb7ead.7.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.36e488d.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.36e488d.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x25750:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x2598f:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x25907:$c3: cmd.exe /c ping
|
17.2.svchost.exe.36e488d.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x25750:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x2554e:$msg: Execute ERROR
- 0x255aa:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x25907:$ping: cmd.exe /c ping 0 -n 2 & del
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x25750:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x2598f:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x25907:$c3: cmd.exe /c ping
|
0.2.4714D68DBB9F9AC36425F2EC73ED434CF57407F36063C.exe.2ab47a1.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x25750:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x2554e:$msg: Execute ERROR
- 0x255aa:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x25907:$ping: cmd.exe /c ping 0 -n 2 & del
|
16.2.fullview.exe.400000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
16.2.fullview.exe.400000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.fullview.exe.400000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
16.2.fullview.exe.400000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.2c62b08.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
13.2.fullview.exe.2c62b08.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.2c62b08.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
13.2.fullview.exe.2c62b08.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
18.2.fullview.exe.400000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
18.2.fullview.exe.400000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
18.2.fullview.exe.400000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
18.2.fullview.exe.400000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
16.0.fullview.exe.400000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
16.0.fullview.exe.400000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.0.fullview.exe.400000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
16.0.fullview.exe.400000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
12.2.fullview.exe.3531994.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
12.2.fullview.exe.3531994.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.3531994.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
12.2.fullview.exe.3531994.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.4877ead.7.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
17.2.svchost.exe.4877ead.7.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.4877ead.7.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
17.2.svchost.exe.4877ead.7.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.2e3cebc.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
4.2.fullview.exe.2e3cebc.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.2e3cebc.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
4.2.fullview.exe.2e3cebc.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
18.0.fullview.exe.400000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
18.0.fullview.exe.400000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
18.0.fullview.exe.400000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
18.0.fullview.exe.400000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
11.0.fullview.exe.400000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
11.0.fullview.exe.400000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
11.0.fullview.exe.400000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
11.0.fullview.exe.400000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
13.2.fullview.exe.2c4edb9.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
13.2.fullview.exe.2c4edb9.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x25750:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x2598f:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x25907:$c3: cmd.exe /c ping
|
13.2.fullview.exe.2c4edb9.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x25750:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x2554e:$msg: Execute ERROR
- 0x255aa:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x25907:$ping: cmd.exe /c ping 0 -n 2 & del
|
11.2.fullview.exe.400000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x11bb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x11841:$s3: Executed As
- 0xdecd:$s5: Stub.exe
- 0x11823:$s6: Download ERROR
- 0x11705:$s7: shutdown -r -t 00
|
11.2.fullview.exe.400000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
11.2.fullview.exe.400000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
11.2.fullview.exe.400000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.36f85dc.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0xfdb8:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0xfa41:$s3: Executed As
- 0xc0cd:$s5: Stub.exe
- 0xfa23:$s6: Download ERROR
- 0xf905:$s7: shutdown -r -t 00
|
17.2.svchost.exe.36f85dc.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.36f85dc.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xfc01:$a2: SEE_MASK_NOZONECHECKS
- 0xfe40:$b1: [TAP]
- 0xfdb8:$c3: cmd.exe /c ping
|
17.2.svchost.exe.36f85dc.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xfc01:$reg: SEE_MASK_NOZONECHECKS
- 0xf9ff:$msg: Execute ERROR
- 0xfa5b:$msg: Execute ERROR
- 0xfdb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
12.2.fullview.exe.3531994.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.3531994.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x430901:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x430b40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x430ab8:$c3: cmd.exe /c ping
|
12.2.fullview.exe.3531994.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x430901:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x4306ff:$msg: Execute ERROR
- 0x43075b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x430ab8:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.svchost.exe.36f85dc.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
17.2.svchost.exe.36f85dc.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
|
17.2.svchost.exe.36f85dc.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
|
12.2.fullview.exe.351dc45.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
12.2.fullview.exe.351dc45.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x25750:$a2: SEE_MASK_NOZONECHECKS
- 0x444650:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x2598f:$b1: [TAP]
- 0x44488f:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x25907:$c3: cmd.exe /c ping
- 0x444807:$c3: cmd.exe /c ping
|
12.2.fullview.exe.351dc45.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x25750:$reg: SEE_MASK_NOZONECHECKS
- 0x444650:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x2554e:$msg: Execute ERROR
- 0x255aa:$msg: Execute ERROR
- 0x44444e:$msg: Execute ERROR
- 0x4444aa:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x25907:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x444807:$ping: cmd.exe /c ping 0 -n 2 & del
|
4.2.fullview.exe.2e2916d.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.fullview.exe.2e2916d.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x11a01:$a2: SEE_MASK_NOZONECHECKS
- 0x25750:$a2: SEE_MASK_NOZONECHECKS
- 0x11c40:$b1: [TAP]
- 0x2598f:$b1: [TAP]
- 0x11bb8:$c3: cmd.exe /c ping
- 0x25907:$c3: cmd.exe /c ping
|
4.2.fullview.exe.2e2916d.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x11a01:$reg: SEE_MASK_NOZONECHECKS
- 0x25750:$reg: SEE_MASK_NOZONECHECKS
- 0x117ff:$msg: Execute ERROR
- 0x1185b:$msg: Execute ERROR
- 0x2554e:$msg: Execute ERROR
- 0x255aa:$msg: Execute ERROR
- 0x11bb8:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x25907:$ping: cmd.exe /c ping 0 -n 2 & del
|