Windows Analysis Report
Xtks4KI16J.exe

Overview

General Information

Sample name: Xtks4KI16J.exe
renamed because original name is a hash value
Original sample name: Virus.Hijack.ATA_virussign.com_e7535a5bf45492fceb86529a7fc9262d.exe
Analysis ID: 1507175
MD5: e7535a5bf45492fceb86529a7fc9262d
SHA1: 3794cd79ac81a757a3a5472425d636d09542bf82
SHA256: f786169ec6bf76ccf3ae7e231f5721926d668e8162a3772adb4d60edf27ed4e7
Infos:

Detection

Berbew, Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Yara detected Berbew
Yara detected Njrat
AI detected suspicious sample
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Creates files inside the system directory
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Berbew No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.berbew
Name Description Attribution Blogpost URLs Link
NjRAT RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
 https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: Xtks4KI16J.exe Avira: detected
Antivirus detection for URL or domain
Source: http://color-bank.ru/index.php URL Reputation: Label: malware
Source: http://parex-bank.ru/index.htm URL Reputation: Label: malware
Source: http://kidos-bank.ru/index.htm URL Reputation: Label: malware
Source: http://ros-neftbank.ru/index.php URL Reputation: Label: malware
Antivirus detection for dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Gjdogi32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Cacope32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Jebgbcgg.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Hdlllf32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Jbogli32.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Epibpnek.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Biiggc32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Beofla32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Gedgjccb.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Dajmooqf.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Idogffko.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Egobfg32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ckllojnq.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Jdhlnhlh.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Dblkhkce.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Glblcojl.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Fpianhmj.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Hilimkhd.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Jddqaf32.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Hiiodl32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Cmjgejad.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ekicli32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ikklipqi.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Alqeloga.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ghhjiigd.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Jccpao32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Avira: detection malicious, Label: TR/Crypt.XDR.Gen
Source: C:\Windows\SysWOW64\Efqdik32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Yara detected Njrat
Source: Yara match File source: Xtks4KI16J.exe, type: SAMPLE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1681947520.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1707981977.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1681569219.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1669744969.0000000000606000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1673624988.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1670200142.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1691398102.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676450226.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701115040.0000000000647000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1698913597.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674489593.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1689381091.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1686405855.0000000000656000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671740347.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1686155433.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.1688636072.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667061193.0000000000508000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669035615.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000003.1711570308.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699181347.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1682561869.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1697850395.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1703953725.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1684599558.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1696422787.0000000000767000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.1676196679.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669512206.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693082181.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1691808934.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712314991.0000000000539000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1708810484.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1678785309.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: C:\Windows\SysWOW64\Peadik32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lileeqgb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pkgfpbhq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olpmjffk.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kkjhjn32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lbmcmgck.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olmpdg32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jqmnlf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mndmif32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Njfmiegc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mapmoalc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mbiciein.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Poeofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jjqijmeq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pojhapkb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nnmpodcb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lqbqnc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jbogli32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Naipepdh.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lgqbfmlj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikgcna32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nbdbdc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khnicb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mhlaakam.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikklipqi.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jddqaf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Idogffko.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ipfhkgac.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Plbiofci.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khbbobom.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jgdjcadj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ooipkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Obbofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nlaqhh32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kjjlpk32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Oihnglob.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pklpkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jkbbioja.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Maefjq32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mnodnfob.exe, type: DROPPED
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Gjdogi32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Cacope32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jebgbcgg.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Hdlllf32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jbogli32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Epibpnek.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Biiggc32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Beofla32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Gedgjccb.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Dajmooqf.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Idogffko.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Egobfg32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ckllojnq.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jdhlnhlh.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Dblkhkce.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Glblcojl.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Fpianhmj.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Hilimkhd.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jddqaf32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Hiiodl32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Cmjgejad.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ekicli32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ikklipqi.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Alqeloga.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ghhjiigd.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jccpao32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Efqdik32.dll Joe Sandbox ML: detected
Machine Learning detection for sample
Source: Xtks4KI16J.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: Xtks4KI16J.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then cmp eax, ebx 0_2_00430000
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then jne 00430024h 0_2_00430000
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then je 00430084h 0_2_00430000
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then div edi 0_2_0043009C
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then je 00403D01h 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xor dword ptr [eax], ecx 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then inc eax 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then jne 00403CD7h 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov eax, 0042B000h 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then je 00403D37h 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xor dword ptr [eax], ecx 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then add eax, 04h 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then jne 00403D1Fh 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then popad 0_2_00403CB3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 0_2_00403D50
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then add ebx, 04h 0_2_00403D50
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then jl 00403D74h 0_2_00403D50
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then add eax, 0Ch 0_2_00403D50
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then popad 0_2_00403D50
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then pop edi 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov ebx, 00408F6Ch 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then sub ecx, eax 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xor edx, edx 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then push eax 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then div edi 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xchg eax, ecx 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then add eax, edi 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then loop 00403E23h 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov eax, 0042B000h 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov ebx, 0042E3D0h 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then sub ecx, eax 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xor edx, edx 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then push eax 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then div edi 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then xchg eax, ecx 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then add eax, edi 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then loop 00403E83h 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then popad 0_2_00403DC3
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then mov eax, 00401000h 0_2_0042FE60
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then cmp eax, ebx 0_2_0042FE60
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then jne 00430024h 0_2_0042FE60
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: 4x nop then je 00430084h 0_2_0042FE60
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov eax, ecx 1_2_00430068
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then div edi 1_2_00430068
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then call 0043000Ch 1_2_00430000
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then je 00403D01h 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xor dword ptr [eax], ecx 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then inc eax 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then jne 00403CD7h 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov eax, 0042B000h 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then je 00403D37h 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xor dword ptr [eax], ecx 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then add eax, 04h 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then jne 00403D1Fh 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then popad 1_2_00403CB3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 1_2_00403D50
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then add ebx, 04h 1_2_00403D50
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then jl 00403D74h 1_2_00403D50
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then add eax, 0Ch 1_2_00403D50
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then popad 1_2_00403D50
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then pop edi 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov ebx, 00408F6Ch 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then sub ecx, eax 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xor edx, edx 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then push eax 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then div edi 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xchg eax, ecx 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then add eax, edi 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then loop 00403E23h 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov eax, 0042B000h 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then mov ebx, 0042E3D0h 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then sub ecx, eax 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xor edx, edx 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then push eax 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then div edi 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then xchg eax, ecx 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then add eax, edi 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then loop 00403E83h 1_2_00403DC3
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: 4x nop then popad 1_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then push 00000004h 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then je 00430072h 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 00408F6Ch 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov eax, ecx 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, edi 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then loop 00430060h 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 0042E3D0h 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ecx, ebx 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor dword ptr [eax], esi 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then jmp 00401219h 2_2_00430000
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then je 00403D01h 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor dword ptr [eax], ecx 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then inc eax 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then jne 00403CD7h 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov eax, 0042B000h 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then je 00403D37h 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor dword ptr [eax], ecx 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, 04h 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then jne 00403D1Fh 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then popad 2_2_00403CB3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 2_2_00403D50
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add ebx, 04h 2_2_00403D50
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then jl 00403D74h 2_2_00403D50
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, 0Ch 2_2_00403D50
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then popad 2_2_00403D50
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then pop edi 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 00408F6Ch 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then sub ecx, eax 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor edx, edx 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then push eax 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then div edi 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xchg eax, ecx 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, edi 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then loop 00403E23h 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov eax, 0042B000h 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 0042E3D0h 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then sub ecx, eax 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor edx, edx 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then push eax 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then div edi 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xchg eax, ecx 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, edi 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then loop 00403E83h 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then popad 2_2_00403DC3
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then push 00000004h 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then je 00430072h 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 00408F6Ch 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov eax, ecx 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then add eax, edi 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then loop 00430060h 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ebx, 0042E3D0h 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then mov ecx, ebx 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then xor dword ptr [eax], esi 2_2_0042FE60
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: 4x nop then jmp 00401219h 2_2_0042FE60
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor dword ptr [eax], esi 3_2_00430073
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then jmp 00401219h 3_2_00430073
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then call 0043000Ch 3_2_00430000
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, 00403DAAh 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov edx, dword ptr [eax+08h] 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor dword ptr [ebx], edx 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then cmp ebx, ecx 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, 0Ch 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then jne 0043001Eh 3_2_0043000C
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then je 00403D01h 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor dword ptr [eax], ecx 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then inc eax 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then jne 00403CD7h 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov eax, 0042B000h 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then je 00403D37h 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor dword ptr [eax], ecx 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, 04h 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then jne 00403D1Fh 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then popad 3_2_00403CB3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 3_2_00403D50
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add ebx, 04h 3_2_00403D50
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then jl 00403D74h 3_2_00403D50
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, 0Ch 3_2_00403D50
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then popad 3_2_00403D50
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then pop edi 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov ebx, 00408F6Ch 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then sub ecx, eax 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor edx, edx 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then push eax 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then div edi 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xchg eax, ecx 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, edi 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then loop 00403E23h 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov eax, 0042B000h 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then mov ebx, 0042E3D0h 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then sub ecx, eax 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xor edx, edx 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then push eax 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then div edi 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then xchg eax, ecx 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then add eax, edi 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then loop 00403E83h 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: 4x nop then popad 3_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then inc eax 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then cmp eax, ebx 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov eax, 0042B000h 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then je 00430084h 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor dword ptr [eax], ecx 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, 04h 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then cmp eax, ebx 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jne 0043006Ch 4_2_00430000
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor dword ptr [eax], esi 4_2_0043009D
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jmp 00401219h 4_2_0043009D
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then je 00403D01h 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor dword ptr [eax], ecx 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then inc eax 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jne 00403CD7h 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov eax, 0042B000h 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then je 00403D37h 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor dword ptr [eax], ecx 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, 04h 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jne 00403D1Fh 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then popad 4_2_00403CB3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 4_2_00403D50
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add ebx, 04h 4_2_00403D50
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jl 00403D74h 4_2_00403D50
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, 0Ch 4_2_00403D50
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then popad 4_2_00403D50
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then pop edi 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov ebx, 00408F6Ch 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then sub ecx, eax 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor edx, edx 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then push eax 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then div edi 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xchg eax, ecx 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, edi 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then loop 00403E23h 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov eax, 0042B000h 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov ebx, 0042E3D0h 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then sub ecx, eax 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor edx, edx 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then push eax 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then div edi 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xchg eax, ecx 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, edi 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then loop 00403E83h 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then popad 4_2_00403DC3
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then inc eax 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then cmp eax, ebx 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then mov eax, 0042B000h 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then je 00430084h 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then xor dword ptr [eax], ecx 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then add eax, 04h 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then cmp eax, ebx 4_2_0042FE60
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: 4x nop then jne 0043006Ch 4_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then pushad 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ebx, 00408F6Ch 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ecx, ebx 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then loop 00430060h 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then je 004300D2h 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then div edi 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov esi, 61C62A2Eh 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, edi 5_2_00430000
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then je 00403D01h 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xor dword ptr [eax], ecx 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then inc eax 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then jne 00403CD7h 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov eax, 0042B000h 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then je 00403D37h 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xor dword ptr [eax], ecx 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, 04h 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then jne 00403D1Fh 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then popad 5_2_00403CB3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 5_2_00403D50
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add ebx, 04h 5_2_00403D50
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then jl 00403D74h 5_2_00403D50
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, 0Ch 5_2_00403D50
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then popad 5_2_00403D50
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then pop edi 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ebx, 00408F6Ch 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then sub ecx, eax 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xor edx, edx 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then push eax 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then div edi 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xchg eax, ecx 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, edi 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then loop 00403E23h 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov eax, 0042B000h 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ebx, 0042E3D0h 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then sub ecx, eax 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xor edx, edx 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then push eax 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then div edi 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then xchg eax, ecx 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, edi 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then loop 00403E83h 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then popad 5_2_00403DC3
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ebx, 00408F6Ch 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov ecx, ebx 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then loop 00430060h 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then je 004300D2h 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then div edi 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then mov esi, 61C62A2Eh 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: 4x nop then add eax, edi 5_2_0042FE60
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, 00403DAAh 6_2_0043000C
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov ebx, dword ptr [eax] 6_2_0043000C
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov edx, dword ptr [eax+08h] 6_2_0043000C
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, 0Ch 6_2_0043000C
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then je 00403D01h 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xor dword ptr [eax], ecx 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then inc eax 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then jne 00403CD7h 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov eax, 0042B000h 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then je 00403D37h 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xor dword ptr [eax], ecx 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, 04h 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then jne 00403D1Fh 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then popad 6_2_00403CB3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 6_2_00403D50
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add ebx, 04h 6_2_00403D50
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then jl 00403D74h 6_2_00403D50
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, 0Ch 6_2_00403D50
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then popad 6_2_00403D50
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then pop edi 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov ebx, 00408F6Ch 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then sub ecx, eax 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xor edx, edx 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then push eax 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then div edi 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xchg eax, ecx 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, edi 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then loop 00403E23h 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov eax, 0042B000h 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then mov ebx, 0042E3D0h 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then sub ecx, eax 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xor edx, edx 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then push eax 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then div edi 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then xchg eax, ecx 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then add eax, edi 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then loop 00403E83h 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: 4x nop then popad 6_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then inc eax 7_2_00430000
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then cmp eax, ebx 7_2_00430000
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then test eax, eax 7_2_00430000
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then div edi 7_2_0043009E
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov esi, 61C62A2Eh 7_2_0043009E
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add eax, edi 7_2_0043009E
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then je 00403D01h 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xor dword ptr [eax], ecx 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then inc eax 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then jne 00403CD7h 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov eax, 0042B000h 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then je 00403D37h 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xor dword ptr [eax], ecx 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add eax, 04h 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then jne 00403D1Fh 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then popad 7_2_00403CB3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 7_2_00403D50
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add ebx, 04h 7_2_00403D50
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then jl 00403D74h 7_2_00403D50
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add eax, 0Ch 7_2_00403D50
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then popad 7_2_00403D50
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then pop edi 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov ebx, 00408F6Ch 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then sub ecx, eax 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xor edx, edx 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then push eax 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then div edi 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xchg eax, ecx 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add eax, edi 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then loop 00403E23h 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov eax, 0042B000h 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then mov ebx, 0042E3D0h 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then sub ecx, eax 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xor edx, edx 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then push eax 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then div edi 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then xchg eax, ecx 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then add eax, edi 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then loop 00403E83h 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then popad 7_2_00403DC3
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then inc eax 7_2_0042FE60
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then cmp eax, ebx 7_2_0042FE60
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: 4x nop then test eax, eax 7_2_0042FE60
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then pop edi 8_2_00430000
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xchg eax, ecx 8_2_00430000
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then loop 004300C0h 8_2_00430000
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then je 00403D01h 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xor dword ptr [eax], ecx 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then inc eax 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then jne 00403CD7h 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then mov eax, 0042B000h 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then je 00403D37h 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xor dword ptr [eax], ecx 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then add eax, 04h 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then jne 00403D1Fh 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then popad 8_2_00403CB3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 8_2_00403D50
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then add ebx, 04h 8_2_00403D50
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then jl 00403D74h 8_2_00403D50
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then add eax, 0Ch 8_2_00403D50
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then popad 8_2_00403D50
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then pop edi 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then mov ebx, 00408F6Ch 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then sub ecx, eax 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xor edx, edx 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then push eax 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then div edi 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xchg eax, ecx 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then add eax, edi 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then loop 00403E23h 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then mov eax, 0042B000h 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then mov ebx, 0042E3D0h 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then sub ecx, eax 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xor edx, edx 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then push eax 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then div edi 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xchg eax, ecx 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then add eax, edi 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then loop 00403E83h 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then popad 8_2_00403DC3
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then pop edi 8_2_0042FE60
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then xchg eax, ecx 8_2_0042FE60
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: 4x nop then loop 004300C0h 8_2_0042FE60
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then loop 004300C0h 9_2_00430071
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xor dword ptr [ebx], edx 9_2_0043000C
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add ebx, 04h 9_2_0043000C
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then jne 0043001Eh 9_2_0043000C
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then je 00403D01h 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xor dword ptr [eax], ecx 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then inc eax 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then jne 00403CD7h 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then mov eax, 0042B000h 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then je 00403D37h 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xor dword ptr [eax], ecx 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add eax, 04h 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then jne 00403D1Fh 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then popad 9_2_00403CB3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 9_2_00403D50
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add ebx, 04h 9_2_00403D50
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then jl 00403D74h 9_2_00403D50
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add eax, 0Ch 9_2_00403D50
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then popad 9_2_00403D50
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then pop edi 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then mov ebx, 00408F6Ch 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then sub ecx, eax 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xor edx, edx 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then push eax 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then div edi 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xchg eax, ecx 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add eax, edi 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then loop 00403E23h 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then mov eax, 0042B000h 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then mov ebx, 0042E3D0h 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then sub ecx, eax 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xor edx, edx 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then push eax 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then div edi 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then xchg eax, ecx 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then add eax, edi 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then loop 00403E83h 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: 4x nop then popad 9_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then pop edi 10_2_00430000
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then cmp eax, 00000000h 10_2_00430000
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov eax, ecx 10_2_00430000
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor edx, edx 10_2_00430000
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then je 00403D01h 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor dword ptr [eax], ecx 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then inc eax 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then jne 00403CD7h 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov eax, 0042B000h 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then je 00403D37h 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor dword ptr [eax], ecx 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then add eax, 04h 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then jne 00403D1Fh 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then popad 10_2_00403CB3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 10_2_00403D50
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then add ebx, 04h 10_2_00403D50
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then jl 00403D74h 10_2_00403D50
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then add eax, 0Ch 10_2_00403D50
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then popad 10_2_00403D50
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then pop edi 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov ebx, 00408F6Ch 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then sub ecx, eax 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor edx, edx 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then push eax 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then div edi 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xchg eax, ecx 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then add eax, edi 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then loop 00403E23h 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov eax, 0042B000h 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov ebx, 0042E3D0h 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then sub ecx, eax 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor edx, edx 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then push eax 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then div edi 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xchg eax, ecx 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then add eax, edi 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then loop 00403E83h 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then popad 10_2_00403DC3
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then pop edi 10_2_0042FE60
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then cmp eax, 00000000h 10_2_0042FE60
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then mov eax, ecx 10_2_0042FE60
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: 4x nop then xor edx, edx 10_2_0042FE60
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then cmp eax, ebx 11_2_00430000
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then mov eax, 0042B000h 11_2_00430000
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then add eax, 04h 11_2_00430000
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then jmp 00401219h 11_2_00430000
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then je 00403D01h 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then xor dword ptr [eax], ecx 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then inc eax 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then jne 00403CD7h 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then mov eax, 0042B000h 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then je 00403D37h 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then xor dword ptr [eax], ecx 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then add eax, 04h 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then jne 00403D1Fh 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then popad 11_2_00403CB3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 11_2_00403D50
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then add ebx, 04h 11_2_00403D50
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then jl 00403D74h 11_2_00403D50
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then add eax, 0Ch 11_2_00403D50
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then popad 11_2_00403D50
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then pop edi 11_2_00403DC3
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: 4x nop then mov ebx, 00408F6Ch 11_2_00403DC3
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://asechka.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://color-bank.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://crutop.nu
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://crutop.nu/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://crutop.nu/index.php
Source: Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe, 0000000A.00000002.1981500181.000000000042B000.00000004.00000001.01000000.0000000D.sdmp, Kjjlpk32.exe, 0000000B.00000002.1982562302.000000000042B000.00000004.00000001.01000000.0000000E.sdmp, Kkjhjn32.exe, 0000000C.00000002.1985567194.000000000042B000.00000004.00000001.01000000.0000000F.sdmp, Khnicb32.exe, 0000000D.00000002.1987471681.000000000042B000.00000004.00000001.01000000.00000010.sdmp, Khbbobom.exe, 0000000E.00000002.1988693951.000000000042B000.00000004.00000001.01000000.00000011.sdmp, Lbmcmgck.exe, 0000000F.00000002.1990432302.000000000042B000.00000004.00000001.01000000.00000012.sdmp, Lqbqnc32.exe, 00000010.00000002.1991869947.000000000042B000.00000004.00000001.01000000.00000013.sdmp, Lileeqgb.exe, 00000011.00000002.1992970209.000000000042B000.00000004.00000001.01000000.00000014.sdmp, Lgqbfmlj.exe, 00000012.00000002.1994565007.000000000042B000.00000004.00000001.01000000.00000015.sdmp, Mbiciein.exe, 00000013.00000002.1996078881.000000000042B000.00000004.00000001.01000000.00000016.sdmp, Mnodnfob.exe, 00000014.00000002.1997305400.000000000042B000.00000004.00000001.01000000.00000017.sdmp String found in binary or memory: http://crutop.nu/index.phphttp://crutop.ru/index.phphttp://mazafaka.ru/index.phphttp://color-bank.ru
Source: Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe, 0000000A.00000002.1981500181.000000000042B000.00000004.00000001.01000000.0000000D.sdmp, Kjjlpk32.exe, 0000000B.00000002.1982562302.000000000042B000.00000004.00000001.01000000.0000000E.sdmp, Kkjhjn32.exe, 0000000C.00000002.1985567194.000000000042B000.00000004.00000001.01000000.0000000F.sdmp, Khnicb32.exe, 0000000D.00000002.1987471681.000000000042B000.00000004.00000001.01000000.00000010.sdmp, Khbbobom.exe, 0000000E.00000002.1988693951.000000000042B000.00000004.00000001.01000000.00000011.sdmp, Lbmcmgck.exe, 0000000F.00000002.1990432302.000000000042B000.00000004.00000001.01000000.00000012.sdmp, Lqbqnc32.exe, 00000010.00000002.1991869947.000000000042B000.00000004.00000001.01000000.00000013.sdmp, Lileeqgb.exe, 00000011.00000002.1992970209.000000000042B000.00000004.00000001.01000000.00000014.sdmp, Lgqbfmlj.exe, 00000012.00000002.1994565007.000000000042B000.00000004.00000001.01000000.00000015.sdmp, Mbiciein.exe, 00000013.00000002.1996078881.000000000042B000.00000004.00000001.01000000.00000016.sdmp, Mnodnfob.exe, 00000014.00000002.1997305400.000000000042B000.00000004.00000001.01000000.00000017.sdmp String found in binary or memory: http://crutop.nuAWM
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://crutop.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://crutop.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://cvv.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://cvv.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://devx.nm.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://fethard.biz/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://fethard.biz/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://filesearch.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://fuck.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://gaz-prom.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://goldensand.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://hackers.lv/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://kadet.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://kavkaz.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://kidos-bank.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://konfiskat.org/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://ldark.nm.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://lovingod.host.sk/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://mazafaka.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://mazafaka.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://parex-bank.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://potleaf.chat.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://promo.ru/index.htm
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://ros-neftbank.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://trojan.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://www.redline.ru/index.php
Source: Xtks4KI16J.exe, Xtks4KI16J.exe, 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, Ikgcna32.exe, Ikgcna32.exe, 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, Idogffko.exe, Idogffko.exe, 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, Ipfhkgac.exe, Ipfhkgac.exe, 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, Ikklipqi.exe, Ikklipqi.exe, 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, Jddqaf32.exe, Jddqaf32.exe, 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, Jjqijmeq.exe, Jjqijmeq.exe, 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, Jgdjcadj.exe, Jgdjcadj.exe, 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, Jqmnlf32.exe, Jqmnlf32.exe, 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, Jkbbioja.exe, Jkbbioja.exe, 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, Jbogli32.exe String found in binary or memory: http://xware.cjb.net/index.htm

E-Banking Fraud
barindex
Yara detected Njrat
Source: Yara match File source: Xtks4KI16J.exe, type: SAMPLE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1681947520.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1707981977.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1681569219.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1669744969.0000000000606000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1673624988.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1670200142.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1691398102.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676450226.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701115040.0000000000647000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1698913597.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674489593.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1689381091.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1686405855.0000000000656000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671740347.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1686155433.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.1688636072.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667061193.0000000000508000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669035615.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000003.1711570308.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699181347.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1682561869.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1697850395.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1703953725.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1684599558.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1696422787.0000000000767000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.1676196679.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669512206.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693082181.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1691808934.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712314991.0000000000539000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1708810484.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1678785309.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: C:\Windows\SysWOW64\Peadik32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lileeqgb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pkgfpbhq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olpmjffk.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kkjhjn32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lbmcmgck.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olmpdg32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jqmnlf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mndmif32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Njfmiegc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mapmoalc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mbiciein.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Poeofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jjqijmeq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pojhapkb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nnmpodcb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lqbqnc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jbogli32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Naipepdh.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lgqbfmlj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikgcna32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nbdbdc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khnicb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mhlaakam.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikklipqi.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jddqaf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Idogffko.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ipfhkgac.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Plbiofci.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khbbobom.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jgdjcadj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ooipkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Obbofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nlaqhh32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kjjlpk32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Oihnglob.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pklpkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jkbbioja.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Maefjq32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mnodnfob.exe, type: DROPPED

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
PE file has a writeable .text section
Source: Xtks4KI16J.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ikgcna32.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Idogffko.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ipfhkgac.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ikklipqi.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jddqaf32.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jjqijmeq.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jgdjcadj.exe.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jqmnlf32.exe.7.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jkbbioja.exe.8.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jbogli32.exe.9.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kjjlpk32.exe.10.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kkjhjn32.exe.11.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Khnicb32.exe.12.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Khbbobom.exe.13.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lbmcmgck.exe.14.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lqbqnc32.exe.15.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lileeqgb.exe.16.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lgqbfmlj.exe.17.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mbiciein.exe.18.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mnodnfob.exe.19.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mapmoalc.exe.20.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mndmif32.exe.21.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mhlaakam.exe.22.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Maefjq32.exe.23.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nbdbdc32.exe.24.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Naipepdh.exe.25.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nnmpodcb.exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nlaqhh32.exe.27.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Njfmiegc.exe.28.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Oihnglob.exe.29.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Obbofa32.exe.30.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ooipkb32.exe.31.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Olmpdg32.exe.32.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Olpmjffk.exe.33.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Plbiofci.exe.34.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pkgfpbhq.exe.35.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Poeofa32.exe.36.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pklpkb32.exe.37.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Peadik32.exe.38.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pojhapkb.exe.39.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Creates files inside the system directory
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Ikgcna32.exe Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Ikgcna32.exe:Zone.Identifier:$DATA Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Hiiodl32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Idogffko.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Ojkfapce.dll Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Ipfhkgac.exe Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Qelfpmpj.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Ikklipqi.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Pkdiefem.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Jddqaf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Ghhjiigd.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Jjqijmeq.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Ekicli32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Jgdjcadj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Glblcojl.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Jqmnlf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Ppgdmofd.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Jkbbioja.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Dblkhkce.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Jbogli32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Cacope32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Kjjlpk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Egobfg32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Kkjhjn32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Gedgjccb.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Khnicb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Jdhlnhlh.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Khbbobom.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Fpianhmj.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Lbmcmgck.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Cmjgejad.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Lqbqnc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Moqmapgi.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Lileeqgb.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Beofla32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Lgqbfmlj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Pmallabk.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Mbiciein.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Oelbhifg.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Mnodnfob.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Hdlllf32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Mapmoalc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Jebgbcgg.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mndmif32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mmppcahg.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Mhlaakam.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Ledhoq32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Maefjq32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Epibpnek.dll Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Nbdbdc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Dajmooqf.dll Jump to behavior
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Naipepdh.exe
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Ckllojnq.dll
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Nnmpodcb.exe
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Biiggc32.dll
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Nlaqhh32.exe
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Pnnifl32.dll
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Njfmiegc.exe
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Jccpao32.dll
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Oihnglob.exe
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Efqdik32.dll
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Obbofa32.exe
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Hilimkhd.dll
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Ooipkb32.exe
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Jlihgcil.dll
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Olmpdg32.exe
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Mnjfhgoc.dll
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Olpmjffk.exe
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Nghjeepc.dll
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Plbiofci.exe
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Alqeloga.dll
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Pkgfpbhq.exe
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Jpjjpdfj.dll
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Poeofa32.exe
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Gjdogi32.dll
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Pklpkb32.exe
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Ocnhkj32.dll
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Peadik32.exe
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Ndbcmg32.dll
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Pojhapkb.exe
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Omfmbkgb.dll
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Ikgcna32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Mhlaakam.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Mhlaakam.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Ikklipqi.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Idogffko.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Olmpdg32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Olmpdg32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Lileeqgb.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Lileeqgb.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Obbofa32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Obbofa32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Khnicb32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Khnicb32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Mbiciein.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Mbiciein.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jddqaf32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Mnodnfob.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Mnodnfob.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Peadik32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Peadik32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jbogli32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Oihnglob.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Oihnglob.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Pklpkb32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Pklpkb32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Khbbobom.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Khbbobom.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Njfmiegc.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Njfmiegc.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Plbiofci.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Plbiofci.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Jkbbioja.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Olpmjffk.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Olpmjffk.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Poeofa32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Poeofa32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Mapmoalc.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Mapmoalc.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Mndmif32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Mndmif32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Maefjq32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Maefjq32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Ooipkb32.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Ooipkb32.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Code function: String function: 00408F18 appears 42 times
Source: C:\Windows\SysWOW64\Naipepdh.exe Code function: String function: 00408A60 appears 31 times
Source: C:\Windows\SysWOW64\Naipepdh.exe Code function: String function: 00408F18 appears 42 times
Uses 32bit PE files
Source: Xtks4KI16J.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Yara signature match
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: Xtks4KI16J.exe, type: SAMPLE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: classification engine Classification label: mal100.troj.evad.winEXE@80/81@0/0
Source: Xtks4KI16J.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File read: C:\Users\user\Desktop\Xtks4KI16J.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Xtks4KI16J.exe "C:\Users\user\Desktop\Xtks4KI16J.exe"
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Process created: C:\Windows\SysWOW64\Ikgcna32.exe C:\Windows\system32\Ikgcna32.exe
Source: C:\Windows\SysWOW64\Ikgcna32.exe Process created: C:\Windows\SysWOW64\Idogffko.exe C:\Windows\system32\Idogffko.exe
Source: C:\Windows\SysWOW64\Idogffko.exe Process created: C:\Windows\SysWOW64\Ipfhkgac.exe C:\Windows\system32\Ipfhkgac.exe
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Process created: C:\Windows\SysWOW64\Ikklipqi.exe C:\Windows\system32\Ikklipqi.exe
Source: C:\Windows\SysWOW64\Ikklipqi.exe Process created: C:\Windows\SysWOW64\Jddqaf32.exe C:\Windows\system32\Jddqaf32.exe
Source: C:\Windows\SysWOW64\Jddqaf32.exe Process created: C:\Windows\SysWOW64\Jjqijmeq.exe C:\Windows\system32\Jjqijmeq.exe
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Process created: C:\Windows\SysWOW64\Jgdjcadj.exe C:\Windows\system32\Jgdjcadj.exe
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Process created: C:\Windows\SysWOW64\Jqmnlf32.exe C:\Windows\system32\Jqmnlf32.exe
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Process created: C:\Windows\SysWOW64\Jkbbioja.exe C:\Windows\system32\Jkbbioja.exe
Source: C:\Windows\SysWOW64\Jkbbioja.exe Process created: C:\Windows\SysWOW64\Jbogli32.exe C:\Windows\system32\Jbogli32.exe
Source: C:\Windows\SysWOW64\Jbogli32.exe Process created: C:\Windows\SysWOW64\Kjjlpk32.exe C:\Windows\system32\Kjjlpk32.exe
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Process created: C:\Windows\SysWOW64\Kkjhjn32.exe C:\Windows\system32\Kkjhjn32.exe
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Process created: C:\Windows\SysWOW64\Khnicb32.exe C:\Windows\system32\Khnicb32.exe
Source: C:\Windows\SysWOW64\Khnicb32.exe Process created: C:\Windows\SysWOW64\Khbbobom.exe C:\Windows\system32\Khbbobom.exe
Source: C:\Windows\SysWOW64\Khbbobom.exe Process created: C:\Windows\SysWOW64\Lbmcmgck.exe C:\Windows\system32\Lbmcmgck.exe
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Process created: C:\Windows\SysWOW64\Lqbqnc32.exe C:\Windows\system32\Lqbqnc32.exe
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Process created: C:\Windows\SysWOW64\Lileeqgb.exe C:\Windows\system32\Lileeqgb.exe
Source: C:\Windows\SysWOW64\Lileeqgb.exe Process created: C:\Windows\SysWOW64\Lgqbfmlj.exe C:\Windows\system32\Lgqbfmlj.exe
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Process created: C:\Windows\SysWOW64\Mbiciein.exe C:\Windows\system32\Mbiciein.exe
Source: C:\Windows\SysWOW64\Mbiciein.exe Process created: C:\Windows\SysWOW64\Mnodnfob.exe C:\Windows\system32\Mnodnfob.exe
Source: C:\Windows\SysWOW64\Mnodnfob.exe Process created: C:\Windows\SysWOW64\Mapmoalc.exe C:\Windows\system32\Mapmoalc.exe
Source: C:\Windows\SysWOW64\Mapmoalc.exe Process created: C:\Windows\SysWOW64\Mndmif32.exe C:\Windows\system32\Mndmif32.exe
Source: C:\Windows\SysWOW64\Mndmif32.exe Process created: C:\Windows\SysWOW64\Mhlaakam.exe C:\Windows\system32\Mhlaakam.exe
Source: C:\Windows\SysWOW64\Mhlaakam.exe Process created: C:\Windows\SysWOW64\Maefjq32.exe C:\Windows\system32\Maefjq32.exe
Source: C:\Windows\SysWOW64\Maefjq32.exe Process created: C:\Windows\SysWOW64\Nbdbdc32.exe C:\Windows\system32\Nbdbdc32.exe
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Process created: C:\Windows\SysWOW64\Naipepdh.exe C:\Windows\system32\Naipepdh.exe
Source: C:\Windows\SysWOW64\Naipepdh.exe Process created: C:\Windows\SysWOW64\Nnmpodcb.exe C:\Windows\system32\Nnmpodcb.exe
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Process created: C:\Windows\SysWOW64\Nlaqhh32.exe C:\Windows\system32\Nlaqhh32.exe
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Process created: C:\Windows\SysWOW64\Njfmiegc.exe C:\Windows\system32\Njfmiegc.exe
Source: C:\Windows\SysWOW64\Njfmiegc.exe Process created: C:\Windows\SysWOW64\Oihnglob.exe C:\Windows\system32\Oihnglob.exe
Source: C:\Windows\SysWOW64\Oihnglob.exe Process created: C:\Windows\SysWOW64\Obbofa32.exe C:\Windows\system32\Obbofa32.exe
Source: C:\Windows\SysWOW64\Obbofa32.exe Process created: C:\Windows\SysWOW64\Ooipkb32.exe C:\Windows\system32\Ooipkb32.exe
Source: C:\Windows\SysWOW64\Ooipkb32.exe Process created: C:\Windows\SysWOW64\Olmpdg32.exe C:\Windows\system32\Olmpdg32.exe
Source: C:\Windows\SysWOW64\Olmpdg32.exe Process created: C:\Windows\SysWOW64\Olpmjffk.exe C:\Windows\system32\Olpmjffk.exe
Source: C:\Windows\SysWOW64\Olpmjffk.exe Process created: C:\Windows\SysWOW64\Plbiofci.exe C:\Windows\system32\Plbiofci.exe
Source: C:\Windows\SysWOW64\Plbiofci.exe Process created: C:\Windows\SysWOW64\Pkgfpbhq.exe C:\Windows\system32\Pkgfpbhq.exe
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Process created: C:\Windows\SysWOW64\Poeofa32.exe C:\Windows\system32\Poeofa32.exe
Source: C:\Windows\SysWOW64\Poeofa32.exe Process created: C:\Windows\SysWOW64\Pklpkb32.exe C:\Windows\system32\Pklpkb32.exe
Source: C:\Windows\SysWOW64\Pklpkb32.exe Process created: C:\Windows\SysWOW64\Peadik32.exe C:\Windows\system32\Peadik32.exe
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Process created: C:\Windows\SysWOW64\Ikgcna32.exe C:\Windows\system32\Ikgcna32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Process created: C:\Windows\SysWOW64\Idogffko.exe C:\Windows\system32\Idogffko.exe Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe Process created: C:\Windows\SysWOW64\Ipfhkgac.exe C:\Windows\system32\Ipfhkgac.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Process created: C:\Windows\SysWOW64\Ikklipqi.exe C:\Windows\system32\Ikklipqi.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Process created: C:\Windows\SysWOW64\Jddqaf32.exe C:\Windows\system32\Jddqaf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Process created: C:\Windows\SysWOW64\Jjqijmeq.exe C:\Windows\system32\Jjqijmeq.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Process created: C:\Windows\SysWOW64\Jgdjcadj.exe C:\Windows\system32\Jgdjcadj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Process created: C:\Windows\SysWOW64\Jqmnlf32.exe C:\Windows\system32\Jqmnlf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Process created: C:\Windows\SysWOW64\Jkbbioja.exe C:\Windows\system32\Jkbbioja.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Process created: C:\Windows\SysWOW64\Jbogli32.exe C:\Windows\system32\Jbogli32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Process created: C:\Windows\SysWOW64\Kjjlpk32.exe C:\Windows\system32\Kjjlpk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Process created: C:\Windows\SysWOW64\Kkjhjn32.exe C:\Windows\system32\Kkjhjn32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Process created: C:\Windows\SysWOW64\Khnicb32.exe C:\Windows\system32\Khnicb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe Process created: C:\Windows\SysWOW64\Khbbobom.exe C:\Windows\system32\Khbbobom.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Process created: C:\Windows\SysWOW64\Lbmcmgck.exe C:\Windows\system32\Lbmcmgck.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Process created: C:\Windows\SysWOW64\Lqbqnc32.exe C:\Windows\system32\Lqbqnc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Process created: C:\Windows\SysWOW64\Lileeqgb.exe C:\Windows\system32\Lileeqgb.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe Process created: C:\Windows\SysWOW64\Lgqbfmlj.exe C:\Windows\system32\Lgqbfmlj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Process created: C:\Windows\SysWOW64\Mbiciein.exe C:\Windows\system32\Mbiciein.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Process created: C:\Windows\SysWOW64\Mnodnfob.exe C:\Windows\system32\Mnodnfob.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe Process created: C:\Windows\SysWOW64\Mapmoalc.exe C:\Windows\system32\Mapmoalc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe Process created: C:\Windows\SysWOW64\Mndmif32.exe C:\Windows\system32\Mndmif32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Process created: C:\Windows\SysWOW64\Mhlaakam.exe C:\Windows\system32\Mhlaakam.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Process created: C:\Windows\SysWOW64\Maefjq32.exe C:\Windows\system32\Maefjq32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Process created: C:\Windows\SysWOW64\Nbdbdc32.exe C:\Windows\system32\Nbdbdc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Process created: C:\Windows\SysWOW64\Naipepdh.exe C:\Windows\system32\Naipepdh.exe
Source: C:\Windows\SysWOW64\Naipepdh.exe Process created: C:\Windows\SysWOW64\Nnmpodcb.exe C:\Windows\system32\Nnmpodcb.exe
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Process created: C:\Windows\SysWOW64\Nlaqhh32.exe C:\Windows\system32\Nlaqhh32.exe
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Process created: C:\Windows\SysWOW64\Njfmiegc.exe C:\Windows\system32\Njfmiegc.exe
Source: C:\Windows\SysWOW64\Njfmiegc.exe Process created: C:\Windows\SysWOW64\Oihnglob.exe C:\Windows\system32\Oihnglob.exe
Source: C:\Windows\SysWOW64\Oihnglob.exe Process created: C:\Windows\SysWOW64\Obbofa32.exe C:\Windows\system32\Obbofa32.exe
Source: C:\Windows\SysWOW64\Obbofa32.exe Process created: C:\Windows\SysWOW64\Ooipkb32.exe C:\Windows\system32\Ooipkb32.exe
Source: C:\Windows\SysWOW64\Ooipkb32.exe Process created: C:\Windows\SysWOW64\Olmpdg32.exe C:\Windows\system32\Olmpdg32.exe
Source: C:\Windows\SysWOW64\Olmpdg32.exe Process created: C:\Windows\SysWOW64\Olpmjffk.exe C:\Windows\system32\Olpmjffk.exe
Source: C:\Windows\SysWOW64\Olpmjffk.exe Process created: C:\Windows\SysWOW64\Plbiofci.exe C:\Windows\system32\Plbiofci.exe
Source: C:\Windows\SysWOW64\Plbiofci.exe Process created: C:\Windows\SysWOW64\Pkgfpbhq.exe C:\Windows\system32\Pkgfpbhq.exe
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Process created: C:\Windows\SysWOW64\Poeofa32.exe C:\Windows\system32\Poeofa32.exe
Source: C:\Windows\SysWOW64\Poeofa32.exe Process created: C:\Windows\SysWOW64\Pklpkb32.exe C:\Windows\system32\Pklpkb32.exe
Source: C:\Windows\SysWOW64\Pklpkb32.exe Process created: C:\Windows\SysWOW64\Peadik32.exe C:\Windows\system32\Peadik32.exe
Source: C:\Windows\SysWOW64\Peadik32.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Idogffko.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khnicb32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lileeqgb.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mnodnfob.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mapmoalc.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Naipepdh.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Naipepdh.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Naipepdh.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Naipepdh.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Njfmiegc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Njfmiegc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Njfmiegc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Njfmiegc.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Oihnglob.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Oihnglob.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Oihnglob.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Oihnglob.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Obbofa32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Obbofa32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Obbofa32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Obbofa32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ooipkb32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ooipkb32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ooipkb32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ooipkb32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Olmpdg32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Olmpdg32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Olmpdg32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Olmpdg32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Olpmjffk.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Olpmjffk.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Olpmjffk.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Olpmjffk.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Plbiofci.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Plbiofci.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Plbiofci.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Plbiofci.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Poeofa32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Poeofa32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Poeofa32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Poeofa32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pklpkb32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pklpkb32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pklpkb32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pklpkb32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Peadik32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Peadik32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Peadik32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Peadik32.exe Section loaded: ntmarta.dll
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .fldo
PE file contains sections with non-standard names
Source: Xtks4KI16J.exe Static PE information: section name: .fldo
Source: Xtks4KI16J.exe Static PE information: section name: .l1
Source: Ikgcna32.exe.0.dr Static PE information: section name: .fldo
Source: Ikgcna32.exe.0.dr Static PE information: section name: .l1
Source: Idogffko.exe.1.dr Static PE information: section name: .fldo
Source: Idogffko.exe.1.dr Static PE information: section name: .l1
Source: Ipfhkgac.exe.2.dr Static PE information: section name: .fldo
Source: Ipfhkgac.exe.2.dr Static PE information: section name: .l1
Source: Ikklipqi.exe.3.dr Static PE information: section name: .fldo
Source: Ikklipqi.exe.3.dr Static PE information: section name: .l1
Source: Jddqaf32.exe.4.dr Static PE information: section name: .fldo
Source: Jddqaf32.exe.4.dr Static PE information: section name: .l1
Source: Jjqijmeq.exe.5.dr Static PE information: section name: .fldo
Source: Jjqijmeq.exe.5.dr Static PE information: section name: .l1
Source: Jgdjcadj.exe.6.dr Static PE information: section name: .fldo
Source: Jgdjcadj.exe.6.dr Static PE information: section name: .l1
Source: Jqmnlf32.exe.7.dr Static PE information: section name: .fldo
Source: Jqmnlf32.exe.7.dr Static PE information: section name: .l1
Source: Jkbbioja.exe.8.dr Static PE information: section name: .fldo
Source: Jkbbioja.exe.8.dr Static PE information: section name: .l1
Source: Jbogli32.exe.9.dr Static PE information: section name: .fldo
Source: Jbogli32.exe.9.dr Static PE information: section name: .l1
Source: Kjjlpk32.exe.10.dr Static PE information: section name: .fldo
Source: Kjjlpk32.exe.10.dr Static PE information: section name: .l1
Source: Kkjhjn32.exe.11.dr Static PE information: section name: .fldo
Source: Kkjhjn32.exe.11.dr Static PE information: section name: .l1
Source: Khnicb32.exe.12.dr Static PE information: section name: .fldo
Source: Khnicb32.exe.12.dr Static PE information: section name: .l1
Source: Khbbobom.exe.13.dr Static PE information: section name: .fldo
Source: Khbbobom.exe.13.dr Static PE information: section name: .l1
Source: Lbmcmgck.exe.14.dr Static PE information: section name: .fldo
Source: Lbmcmgck.exe.14.dr Static PE information: section name: .l1
Source: Lqbqnc32.exe.15.dr Static PE information: section name: .fldo
Source: Lqbqnc32.exe.15.dr Static PE information: section name: .l1
Source: Lileeqgb.exe.16.dr Static PE information: section name: .fldo
Source: Lileeqgb.exe.16.dr Static PE information: section name: .l1
Source: Lgqbfmlj.exe.17.dr Static PE information: section name: .fldo
Source: Lgqbfmlj.exe.17.dr Static PE information: section name: .l1
Source: Mbiciein.exe.18.dr Static PE information: section name: .fldo
Source: Mbiciein.exe.18.dr Static PE information: section name: .l1
Source: Mnodnfob.exe.19.dr Static PE information: section name: .fldo
Source: Mnodnfob.exe.19.dr Static PE information: section name: .l1
Source: Mapmoalc.exe.20.dr Static PE information: section name: .fldo
Source: Mapmoalc.exe.20.dr Static PE information: section name: .l1
Source: Mndmif32.exe.21.dr Static PE information: section name: .fldo
Source: Mndmif32.exe.21.dr Static PE information: section name: .l1
Source: Mhlaakam.exe.22.dr Static PE information: section name: .fldo
Source: Mhlaakam.exe.22.dr Static PE information: section name: .l1
Source: Maefjq32.exe.23.dr Static PE information: section name: .fldo
Source: Maefjq32.exe.23.dr Static PE information: section name: .l1
Source: Nbdbdc32.exe.24.dr Static PE information: section name: .fldo
Source: Nbdbdc32.exe.24.dr Static PE information: section name: .l1
Source: Naipepdh.exe.25.dr Static PE information: section name: .fldo
Source: Naipepdh.exe.25.dr Static PE information: section name: .l1
Source: Nnmpodcb.exe.26.dr Static PE information: section name: .fldo
Source: Nnmpodcb.exe.26.dr Static PE information: section name: .l1
Source: Nlaqhh32.exe.27.dr Static PE information: section name: .fldo
Source: Nlaqhh32.exe.27.dr Static PE information: section name: .l1
Source: Njfmiegc.exe.28.dr Static PE information: section name: .fldo
Source: Njfmiegc.exe.28.dr Static PE information: section name: .l1
Source: Oihnglob.exe.29.dr Static PE information: section name: .fldo
Source: Oihnglob.exe.29.dr Static PE information: section name: .l1
Source: Obbofa32.exe.30.dr Static PE information: section name: .fldo
Source: Obbofa32.exe.30.dr Static PE information: section name: .l1
Source: Ooipkb32.exe.31.dr Static PE information: section name: .fldo
Source: Ooipkb32.exe.31.dr Static PE information: section name: .l1
Source: Olmpdg32.exe.32.dr Static PE information: section name: .fldo
Source: Olmpdg32.exe.32.dr Static PE information: section name: .l1
Source: Olpmjffk.exe.33.dr Static PE information: section name: .fldo
Source: Olpmjffk.exe.33.dr Static PE information: section name: .l1
Source: Plbiofci.exe.34.dr Static PE information: section name: .fldo
Source: Plbiofci.exe.34.dr Static PE information: section name: .l1
Source: Pkgfpbhq.exe.35.dr Static PE information: section name: .fldo
Source: Pkgfpbhq.exe.35.dr Static PE information: section name: .l1
Source: Poeofa32.exe.36.dr Static PE information: section name: .fldo
Source: Poeofa32.exe.36.dr Static PE information: section name: .l1
Source: Pklpkb32.exe.37.dr Static PE information: section name: .fldo
Source: Pklpkb32.exe.37.dr Static PE information: section name: .l1
Source: Peadik32.exe.38.dr Static PE information: section name: .fldo
Source: Peadik32.exe.38.dr Static PE information: section name: .l1
Source: Pojhapkb.exe.39.dr Static PE information: section name: .fldo
Source: Pojhapkb.exe.39.dr Static PE information: section name: .l1
Source: Xtks4KI16J.exe Static PE information: section name: .text entropy: 7.11901866962878
Source: Ikgcna32.exe.0.dr Static PE information: section name: .text entropy: 7.190482233326463
Source: Idogffko.exe.1.dr Static PE information: section name: .text entropy: 7.182542383755306
Source: Ipfhkgac.exe.2.dr Static PE information: section name: .text entropy: 7.135642593039847
Source: Ikklipqi.exe.3.dr Static PE information: section name: .text entropy: 7.104728061422748
Source: Jddqaf32.exe.4.dr Static PE information: section name: .text entropy: 7.21411877798477
Source: Jjqijmeq.exe.5.dr Static PE information: section name: .text entropy: 7.138073122378964
Source: Jgdjcadj.exe.6.dr Static PE information: section name: .text entropy: 7.192508151374742
Source: Jqmnlf32.exe.7.dr Static PE information: section name: .text entropy: 7.194759778229209
Source: Jkbbioja.exe.8.dr Static PE information: section name: .text entropy: 7.183360324964623
Source: Jbogli32.exe.9.dr Static PE information: section name: .text entropy: 7.153167319817991
Source: Kjjlpk32.exe.10.dr Static PE information: section name: .text entropy: 7.159637234597299
Source: Kkjhjn32.exe.11.dr Static PE information: section name: .text entropy: 7.149258724172837
Source: Khnicb32.exe.12.dr Static PE information: section name: .text entropy: 7.163630091069971
Source: Khbbobom.exe.13.dr Static PE information: section name: .text entropy: 7.1867247509206775
Source: Lbmcmgck.exe.14.dr Static PE information: section name: .text entropy: 7.1930633726426745
Source: Lqbqnc32.exe.15.dr Static PE information: section name: .text entropy: 7.210708880311055
Source: Lileeqgb.exe.16.dr Static PE information: section name: .text entropy: 7.140865936092607
Source: Lgqbfmlj.exe.17.dr Static PE information: section name: .text entropy: 7.13081718182071
Source: Mbiciein.exe.18.dr Static PE information: section name: .text entropy: 7.192261615740379
Source: Mnodnfob.exe.19.dr Static PE information: section name: .text entropy: 7.197782097718514
Source: Mapmoalc.exe.20.dr Static PE information: section name: .text entropy: 6.913569012186454
Source: Mndmif32.exe.21.dr Static PE information: section name: .text entropy: 7.110695297428297
Source: Mhlaakam.exe.22.dr Static PE information: section name: .text entropy: 7.125492917293478
Source: Maefjq32.exe.23.dr Static PE information: section name: .text entropy: 7.102046689140308
Source: Nbdbdc32.exe.24.dr Static PE information: section name: .text entropy: 7.146145917559521
Source: Naipepdh.exe.25.dr Static PE information: section name: .text entropy: 7.148389017019169
Source: Nnmpodcb.exe.26.dr Static PE information: section name: .text entropy: 7.101563612780033
Source: Nlaqhh32.exe.27.dr Static PE information: section name: .text entropy: 7.109467712533071
Source: Njfmiegc.exe.28.dr Static PE information: section name: .text entropy: 7.109694463614794
Source: Oihnglob.exe.29.dr Static PE information: section name: .text entropy: 7.194965376176864
Source: Obbofa32.exe.30.dr Static PE information: section name: .text entropy: 7.152775086787048
Source: Ooipkb32.exe.31.dr Static PE information: section name: .text entropy: 7.217200550652767
Source: Olmpdg32.exe.32.dr Static PE information: section name: .text entropy: 7.2161538654330935
Source: Olpmjffk.exe.33.dr Static PE information: section name: .text entropy: 6.945021889194044
Source: Plbiofci.exe.34.dr Static PE information: section name: .text entropy: 7.162281357562582
Source: Pkgfpbhq.exe.35.dr Static PE information: section name: .text entropy: 7.199667343423311
Source: Poeofa32.exe.36.dr Static PE information: section name: .text entropy: 7.196963257079966
Source: Pklpkb32.exe.37.dr Static PE information: section name: .text entropy: 7.108552173876771
Source: Peadik32.exe.38.dr Static PE information: section name: .text entropy: 7.171066258230804
Source: Pojhapkb.exe.39.dr Static PE information: section name: .text entropy: 7.1839375244240244

Persistence and Installation Behavior
barindex
Drops executables to the windows directory (C:\Windows) and starts them
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Executable created and started: C:\Windows\SysWOW64\Ikklipqi.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Executable created and started: C:\Windows\SysWOW64\Jqmnlf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ooipkb32.exe Executable created and started: C:\Windows\SysWOW64\Olmpdg32.exe
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Executable created and started: C:\Windows\SysWOW64\Lileeqgb.exe Jump to behavior
Source: C:\Windows\SysWOW64\Maefjq32.exe Executable created and started: C:\Windows\SysWOW64\Nbdbdc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikklipqi.exe Executable created and started: C:\Windows\SysWOW64\Jddqaf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jddqaf32.exe Executable created and started: C:\Windows\SysWOW64\Jjqijmeq.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mbiciein.exe Executable created and started: C:\Windows\SysWOW64\Mnodnfob.exe Jump to behavior
Source: C:\Windows\SysWOW64\Njfmiegc.exe Executable created and started: C:\Windows\SysWOW64\Oihnglob.exe
Source: C:\Windows\SysWOW64\Poeofa32.exe Executable created and started: C:\Windows\SysWOW64\Pklpkb32.exe
Source: C:\Windows\SysWOW64\Khnicb32.exe Executable created and started: C:\Windows\SysWOW64\Khbbobom.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Executable created and started: C:\Windows\SysWOW64\Jkbbioja.exe Jump to behavior
Source: C:\Windows\SysWOW64\Naipepdh.exe Executable created and started: C:\Windows\SysWOW64\Nnmpodcb.exe
Source: C:\Windows\SysWOW64\Plbiofci.exe Executable created and started: C:\Windows\SysWOW64\Pkgfpbhq.exe
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Executable created and started: C:\Windows\SysWOW64\Poeofa32.exe
Source: C:\Windows\SysWOW64\Mnodnfob.exe Executable created and started: C:\Windows\SysWOW64\Mapmoalc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Executable created and started: C:\Windows\SysWOW64\Naipepdh.exe
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Executable created and started: C:\Windows\SysWOW64\Ikgcna32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mndmif32.exe Executable created and started: C:\Windows\SysWOW64\Mhlaakam.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ikgcna32.exe Executable created and started: C:\Windows\SysWOW64\Idogffko.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Executable created and started: C:\Windows\SysWOW64\Lqbqnc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Oihnglob.exe Executable created and started: C:\Windows\SysWOW64\Obbofa32.exe
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Executable created and started: C:\Windows\SysWOW64\Nlaqhh32.exe
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Executable created and started: C:\Windows\SysWOW64\Khnicb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khbbobom.exe Executable created and started: C:\Windows\SysWOW64\Lbmcmgck.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Executable created and started: C:\Windows\SysWOW64\Mbiciein.exe Jump to behavior
Source: C:\Windows\SysWOW64\Pklpkb32.exe Executable created and started: C:\Windows\SysWOW64\Peadik32.exe
Source: C:\Windows\SysWOW64\Idogffko.exe Executable created and started: C:\Windows\SysWOW64\Ipfhkgac.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jbogli32.exe Executable created and started: C:\Windows\SysWOW64\Kjjlpk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jkbbioja.exe Executable created and started: C:\Windows\SysWOW64\Jbogli32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Executable created and started: C:\Windows\SysWOW64\Njfmiegc.exe
Source: C:\Windows\SysWOW64\Olpmjffk.exe Executable created and started: C:\Windows\SysWOW64\Plbiofci.exe
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Executable created and started: C:\Windows\SysWOW64\Kkjhjn32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Executable created and started: C:\Windows\SysWOW64\Jgdjcadj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Olmpdg32.exe Executable created and started: C:\Windows\SysWOW64\Olpmjffk.exe
Source: C:\Windows\SysWOW64\Mapmoalc.exe Executable created and started: C:\Windows\SysWOW64\Mndmif32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Mhlaakam.exe Executable created and started: C:\Windows\SysWOW64\Maefjq32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Obbofa32.exe Executable created and started: C:\Windows\SysWOW64\Ooipkb32.exe
Source: C:\Windows\SysWOW64\Lileeqgb.exe Executable created and started: C:\Windows\SysWOW64\Lgqbfmlj.exe Jump to behavior
Drops PE files
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Ghhjiigd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Epibpnek.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Ocnhkj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Jebgbcgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Jdhlnhlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Ojkfapce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Ikklipqi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Jqmnlf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Olmpdg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Alqeloga.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Cmjgejad.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Lileeqgb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Biiggc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Nbdbdc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mmppcahg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Glblcojl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Egobfg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Beofla32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Jddqaf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Ppgdmofd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Jjqijmeq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Mnodnfob.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Mnjfhgoc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Pnnifl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Qelfpmpj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Oihnglob.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Pklpkb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Gjdogi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Gedgjccb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Khbbobom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Jkbbioja.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Fpianhmj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Nnmpodcb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Pkgfpbhq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Poeofa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Mapmoalc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Jccpao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Efqdik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Ledhoq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Hdlllf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Naipepdh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Pmallabk.dll Jump to dropped file
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Ikgcna32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Pkdiefem.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Oelbhifg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Mhlaakam.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Idogffko.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Lqbqnc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Obbofa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Nlaqhh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Khnicb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Lbmcmgck.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Mbiciein.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Nghjeepc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Ckllojnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Jlihgcil.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Pojhapkb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Ekicli32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Omfmbkgb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Dblkhkce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Peadik32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Ipfhkgac.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Kjjlpk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Ndbcmg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Jbogli32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Moqmapgi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Njfmiegc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Dajmooqf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Plbiofci.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Kkjhjn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Jgdjcadj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Cacope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Olpmjffk.exe Jump to dropped file
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Hiiodl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Jpjjpdfj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mndmif32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Maefjq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Hilimkhd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Ooipkb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Lgqbfmlj.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Ghhjiigd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Epibpnek.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Ocnhkj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Jebgbcgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Jdhlnhlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Ojkfapce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Ikklipqi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Jqmnlf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Olmpdg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Alqeloga.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Cmjgejad.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Lileeqgb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Biiggc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Nbdbdc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mmppcahg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Glblcojl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Egobfg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lqbqnc32.exe File created: C:\Windows\SysWOW64\Beofla32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ikklipqi.exe File created: C:\Windows\SysWOW64\Jddqaf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jgdjcadj.exe File created: C:\Windows\SysWOW64\Ppgdmofd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Jjqijmeq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Mnodnfob.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ooipkb32.exe File created: C:\Windows\SysWOW64\Mnjfhgoc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Pnnifl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Qelfpmpj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Oihnglob.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Poeofa32.exe File created: C:\Windows\SysWOW64\Pklpkb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Gjdogi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Gedgjccb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Khbbobom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Jkbbioja.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khnicb32.exe File created: C:\Windows\SysWOW64\Fpianhmj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Naipepdh.exe File created: C:\Windows\SysWOW64\Nnmpodcb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Pkgfpbhq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe File created: C:\Windows\SysWOW64\Poeofa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnodnfob.exe File created: C:\Windows\SysWOW64\Mapmoalc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Jccpao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njfmiegc.exe File created: C:\Windows\SysWOW64\Efqdik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Ledhoq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mbiciein.exe File created: C:\Windows\SysWOW64\Hdlllf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Naipepdh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Pmallabk.dll Jump to dropped file
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Ikgcna32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfhkgac.exe File created: C:\Windows\SysWOW64\Pkdiefem.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Oelbhifg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mndmif32.exe File created: C:\Windows\SysWOW64\Mhlaakam.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe File created: C:\Windows\SysWOW64\Idogffko.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Lqbqnc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Obbofa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nnmpodcb.exe File created: C:\Windows\SysWOW64\Nlaqhh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kkjhjn32.exe File created: C:\Windows\SysWOW64\Khnicb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khbbobom.exe File created: C:\Windows\SysWOW64\Lbmcmgck.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe File created: C:\Windows\SysWOW64\Mbiciein.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Nghjeepc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbdbdc32.exe File created: C:\Windows\SysWOW64\Ckllojnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Jlihgcil.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Pojhapkb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jddqaf32.exe File created: C:\Windows\SysWOW64\Ekicli32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe File created: C:\Windows\SysWOW64\Omfmbkgb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jqmnlf32.exe File created: C:\Windows\SysWOW64\Dblkhkce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Peadik32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Idogffko.exe File created: C:\Windows\SysWOW64\Ipfhkgac.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jbogli32.exe File created: C:\Windows\SysWOW64\Kjjlpk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pklpkb32.exe File created: C:\Windows\SysWOW64\Ndbcmg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Jbogli32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lbmcmgck.exe File created: C:\Windows\SysWOW64\Moqmapgi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nlaqhh32.exe File created: C:\Windows\SysWOW64\Njfmiegc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Maefjq32.exe File created: C:\Windows\SysWOW64\Dajmooqf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olpmjffk.exe File created: C:\Windows\SysWOW64\Plbiofci.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kjjlpk32.exe File created: C:\Windows\SysWOW64\Kkjhjn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jjqijmeq.exe File created: C:\Windows\SysWOW64\Jgdjcadj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jkbbioja.exe File created: C:\Windows\SysWOW64\Cacope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olmpdg32.exe File created: C:\Windows\SysWOW64\Olpmjffk.exe Jump to dropped file
Source: C:\Users\user\Desktop\Xtks4KI16J.exe File created: C:\Windows\SysWOW64\Hiiodl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Plbiofci.exe File created: C:\Windows\SysWOW64\Jpjjpdfj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mapmoalc.exe File created: C:\Windows\SysWOW64\Mndmif32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhlaakam.exe File created: C:\Windows\SysWOW64\Maefjq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oihnglob.exe File created: C:\Windows\SysWOW64\Hilimkhd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Obbofa32.exe File created: C:\Windows\SysWOW64\Ooipkb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lileeqgb.exe File created: C:\Windows\SysWOW64\Lgqbfmlj.exe Jump to dropped file

Boot Survival
barindex
Creates an undocumented autostart registry key
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Web Event Logger Jump to behavior
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Web Event Logger Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Windows\SysWOW64\Ikklipqi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ghhjiigd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhlaakam.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Epibpnek.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lileeqgb.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pmallabk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Poeofa32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ocnhkj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mnodnfob.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jebgbcgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgqbfmlj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Oelbhifg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kkjhjn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jdhlnhlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfhkgac.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pkdiefem.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ikgcna32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ojkfapce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olpmjffk.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Alqeloga.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khbbobom.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cmjgejad.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Naipepdh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Biiggc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mapmoalc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mmppcahg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jjqijmeq.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Glblcojl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lqbqnc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Beofla32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jbogli32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Egobfg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Olmpdg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nghjeepc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Obbofa32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jlihgcil.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbdbdc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ckllojnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jgdjcadj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ppgdmofd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pojhapkb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Peadik32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Omfmbkgb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jddqaf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ekicli32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jqmnlf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dblkhkce.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ooipkb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mnjfhgoc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nnmpodcb.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pnnifl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pklpkb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ndbcmg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Idogffko.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Qelfpmpj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lbmcmgck.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Moqmapgi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pkgfpbhq.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gjdogi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjjlpk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gedgjccb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Maefjq32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dajmooqf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jkbbioja.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cacope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khnicb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fpianhmj.dll Jump to dropped file
Source: C:\Users\user\Desktop\Xtks4KI16J.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hiiodl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Plbiofci.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jpjjpdfj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nlaqhh32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jccpao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njfmiegc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Efqdik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oihnglob.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hilimkhd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mndmif32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ledhoq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mbiciein.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hdlllf32.dll Jump to dropped file

Stealing of Sensitive Information
barindex
Yara detected Berbew
Source: Yara match File source: 3.2.Ipfhkgac.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.Naipepdh.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Kjjlpk32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.Maefjq32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.Ooipkb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.Oihnglob.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Ikgcna32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Jbogli32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.Nnmpodcb.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.Pkgfpbhq.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.Jqmnlf32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Kjjlpk32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.2.Pklpkb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.Kkjhjn32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Jddqaf32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Jgdjcadj.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.Nbdbdc32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.Mapmoalc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.Lqbqnc32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.Lgqbfmlj.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.Olpmjffk.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.Poeofa32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.Ipfhkgac.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.Mndmif32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Ikklipqi.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Khnicb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.Peadik32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.Lileeqgb.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Xtks4KI16J.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.Mndmif32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.Lbmcmgck.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.Lgqbfmlj.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.Nlaqhh32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.Jqmnlf32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.Plbiofci.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.Nlaqhh32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Ikgcna32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Mbiciein.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.Olpmjffk.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.Lileeqgb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.Lbmcmgck.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.Khbbobom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.Jkbbioja.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.Peadik32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.Nnmpodcb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.2.Njfmiegc.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Khnicb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.Pkgfpbhq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.Oihnglob.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.Mnodnfob.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.Maefjq32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Idogffko.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.Mapmoalc.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.Olmpdg32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.Plbiofci.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Jgdjcadj.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.Poeofa32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Mbiciein.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Jbogli32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.2.Pklpkb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Jjqijmeq.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.2.Obbofa32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.Jkbbioja.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Ikklipqi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.Olmpdg32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.Khbbobom.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Jjqijmeq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.Mnodnfob.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Xtks4KI16J.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.2.Obbofa32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.Mhlaakam.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.Lqbqnc32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.Kkjhjn32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Idogffko.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.Ooipkb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Jddqaf32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.Nbdbdc32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.2.Njfmiegc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.Mhlaakam.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.Naipepdh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000018.00000002.2001051775.000000000042B000.00000004.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.2012897426.000000000042B000.00000004.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.2002980502.000000000042B000.00000004.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.1987471681.000000000042B000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1997305400.000000000042B000.00000004.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.1991869947.000000000042B000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.2017857827.000000000042B000.00000004.00000001.01000000.0000002A.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2009121717.000000000042B000.00000004.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.1988693951.000000000042B000.00000004.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.1990432302.000000000042B000.00000004.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.1998585566.000000000042B000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2004365207.000000000042B000.00000004.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2016019452.000000000042B000.00000004.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1982562302.000000000042B000.00000004.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000002.2011709914.000000000042B000.00000004.00000001.01000000.00000024.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2005187515.000000000042B000.00000004.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.2010388848.000000000042B000.00000004.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.1996078881.000000000042B000.00000004.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2008077984.000000000042B000.00000004.00000001.01000000.00000021.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.1999586381.000000000042B000.00000004.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.1985567194.000000000042B000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000002.2017111770.000000000042B000.00000004.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.1994565007.000000000042B000.00000004.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1981500181.000000000042B000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1997873391.000000000042B000.00000004.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2015659350.000000000042B000.00000004.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.2014944937.000000000042B000.00000004.00000001.01000000.00000026.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.1992970209.000000000042B000.00000004.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000002.2002193178.000000000042B000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2007198128.000000000042B000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Yara detected Njrat
Source: Yara match File source: Xtks4KI16J.exe, type: SAMPLE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1681947520.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1707981977.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1681569219.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1669744969.0000000000606000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1673624988.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1670200142.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1691398102.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676450226.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701115040.0000000000647000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1698913597.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674489593.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1689381091.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1686405855.0000000000656000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671740347.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1686155433.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.1688636072.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667061193.0000000000508000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669035615.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000003.1711570308.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699181347.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1682561869.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1697850395.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1703953725.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1684599558.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1696422787.0000000000767000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.1676196679.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669512206.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693082181.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1691808934.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712314991.0000000000539000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1708810484.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1678785309.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: C:\Windows\SysWOW64\Peadik32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lileeqgb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pkgfpbhq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olpmjffk.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kkjhjn32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lbmcmgck.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olmpdg32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jqmnlf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mndmif32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Njfmiegc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mapmoalc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mbiciein.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Poeofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jjqijmeq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pojhapkb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nnmpodcb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lqbqnc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jbogli32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Naipepdh.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lgqbfmlj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikgcna32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nbdbdc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khnicb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mhlaakam.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikklipqi.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jddqaf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Idogffko.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ipfhkgac.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Plbiofci.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khbbobom.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jgdjcadj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ooipkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Obbofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nlaqhh32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kjjlpk32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Oihnglob.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pklpkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jkbbioja.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Maefjq32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mnodnfob.exe, type: DROPPED

Remote Access Functionality
barindex
Yara detected Berbew
Source: Yara match File source: 3.2.Ipfhkgac.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.Naipepdh.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Kjjlpk32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.Maefjq32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.Ooipkb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.Oihnglob.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Ikgcna32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Jbogli32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.Nnmpodcb.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.Pkgfpbhq.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.Jqmnlf32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Kjjlpk32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.2.Pklpkb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.Kkjhjn32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Jddqaf32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Jgdjcadj.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.Nbdbdc32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.Mapmoalc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.Lqbqnc32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.Lgqbfmlj.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.Olpmjffk.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.Poeofa32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.Ipfhkgac.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.Mndmif32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Ikklipqi.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Khnicb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.Peadik32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.Lileeqgb.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Xtks4KI16J.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.2.Mndmif32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.Lbmcmgck.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.Lgqbfmlj.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.Nlaqhh32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.Jqmnlf32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.Plbiofci.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.Nlaqhh32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.Ikgcna32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Mbiciein.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.Olpmjffk.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.Lileeqgb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.Lbmcmgck.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.Khbbobom.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.Jkbbioja.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.Peadik32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.Nnmpodcb.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.2.Njfmiegc.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.Khnicb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.Pkgfpbhq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.Oihnglob.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.Mnodnfob.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.Maefjq32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Idogffko.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.Mapmoalc.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.Olmpdg32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.Plbiofci.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Jgdjcadj.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.Poeofa32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.Mbiciein.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.Jbogli32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.2.Pklpkb32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Jjqijmeq.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.2.Obbofa32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.Jkbbioja.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Ikklipqi.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.Olmpdg32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.Khbbobom.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Jjqijmeq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.Mnodnfob.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Xtks4KI16J.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.2.Obbofa32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.Mhlaakam.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.Lqbqnc32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.Kkjhjn32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Idogffko.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.Ooipkb32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Jddqaf32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.Nbdbdc32.exe.42bdf8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.2.Njfmiegc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.Mhlaakam.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.Naipepdh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000018.00000002.2001051775.000000000042B000.00000004.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.2012897426.000000000042B000.00000004.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.2002980502.000000000042B000.00000004.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1972379509.000000000042B000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.1987471681.000000000042B000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1997305400.000000000042B000.00000004.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.1991869947.000000000042B000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1975447557.000000000042B000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.2017857827.000000000042B000.00000004.00000001.01000000.0000002A.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2009121717.000000000042B000.00000004.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1973430337.000000000042B000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.1988693951.000000000042B000.00000004.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.1990432302.000000000042B000.00000004.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.1998585566.000000000042B000.00000004.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2004365207.000000000042B000.00000004.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.2016019452.000000000042B000.00000004.00000001.01000000.00000028.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.1982562302.000000000042B000.00000004.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000002.2011709914.000000000042B000.00000004.00000001.01000000.00000024.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.1981409119.000000000042B000.00000004.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2005187515.000000000042B000.00000004.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.2010388848.000000000042B000.00000004.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.1996078881.000000000042B000.00000004.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1976379122.000000000042B000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2008077984.000000000042B000.00000004.00000001.01000000.00000021.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.1999586381.000000000042B000.00000004.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1977212740.000000000042B000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.1985567194.000000000042B000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000002.2017111770.000000000042B000.00000004.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1974232276.000000000042B000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.1994565007.000000000042B000.00000004.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1981500181.000000000042B000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.1977943984.000000000042B000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1997873391.000000000042B000.00000004.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1979025838.000000000042B000.00000004.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2015659350.000000000042B000.00000004.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.2014944937.000000000042B000.00000004.00000001.01000000.00000026.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.1992970209.000000000042B000.00000004.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1974907016.000000000042B000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000002.2002193178.000000000042B000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2007198128.000000000042B000.00000004.00000001.01000000.00000020.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Yara detected Njrat
Source: Yara match File source: Xtks4KI16J.exe, type: SAMPLE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.3.Olmpdg32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.3.Lileeqgb.exe.69a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.Jddqaf32.exe.58925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.Jgdjcadj.exe.56a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.Idogffko.exe.5ea36c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.3.Ooipkb32.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.3.Ikklipqi.exe.64a3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.3.Mhlaakam.exe.4dc24c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.3.Mbiciein.exe.53a91c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.3.Peadik32.exe.55bd9c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.3.Mnodnfob.exe.7a925c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.Ikgcna32.exe.5e9814.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.3.Jqmnlf32.exe.4c9754.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.3.Poeofa32.exe.81aabc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.3.Pkgfpbhq.exe.50a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.3.Khbbobom.exe.61997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.3.Nnmpodcb.exe.61957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.3.Jbogli32.exe.5b9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.3.Kkjhjn32.exe.50997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.3.Olpmjffk.exe.58a6d4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.3.Kjjlpk32.exe.60a944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.3.Nlaqhh32.exe.6ea3b4.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.Ipfhkgac.exe.5d9814.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.3.Lbmcmgck.exe.5b957c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.3.Maefjq32.exe.6f9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.3.Plbiofci.exe.79997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.3.Khnicb32.exe.64a624.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 22.3.Mndmif32.exe.6ca364.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.3.Naipepdh.exe.7ba3cc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.3.Jjqijmeq.exe.52997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.3.Mapmoalc.exe.6d997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 29.3.Njfmiegc.exe.66a364.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.3.Nbdbdc32.exe.78a94c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 38.3.Pklpkb32.exe.7aa984.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.3.Lgqbfmlj.exe.7aa944.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.3.Jkbbioja.exe.7b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 31.3.Obbofa32.exe.72a3bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.3.Oihnglob.exe.5b997c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.3.Lqbqnc32.exe.6c9254.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.Xtks4KI16J.exe.54bf44.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000012.00000003.1688164672.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697552383.0000000000797000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1694510887.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701418557.0000000000625000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694286330.0000000000498000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1671203618.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676781348.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1683462189.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1670457993.0000000000566000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1672819793.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1684949314.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693116752.0000000000685000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705228208.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668782636.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703656412.0000000000707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000003.1705639249.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1709294497.00000000004C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1690898361.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1706530374.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000003.1710074051.00000000004E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1704430325.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674880791.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1687305020.0000000000677000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667291116.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699661136.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000003.1703055149.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1695645633.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667029266.0000000000529000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672114191.0000000000526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1695959573.0000000000746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000003.1707729803.0000000000567000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1692151763.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1679986428.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702063579.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1677476799.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710369558.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000003.1694223714.00000000004B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000003.1702539267.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1667894302.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1690653470.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000003.1697597168.0000000000775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1672430705.0000000000547000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000003.1710709203.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1668815811.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712420174.0000000000518000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671436205.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1681947520.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1707981977.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1681569219.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1669744969.0000000000606000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1673624988.00000000004A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1670200142.0000000000627000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000003.1691398102.0000000000786000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1676450226.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000003.1701115040.0000000000647000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1698913597.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000003.1674489593.0000000000796000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.1689381091.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.1686405855.0000000000656000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1671740347.0000000000506000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.1686155433.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.1688636072.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1667061193.0000000000508000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669035615.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000026.00000003.1711570308.0000000000787000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000003.1699181347.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1682561869.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000003.1697850395.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000003.1703953725.00000000005F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1684599558.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000003.1696422787.0000000000767000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.1676196679.0000000000596000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1669512206.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000003.1693082181.00000000006A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.1691808934.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1712314991.0000000000539000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000003.1708810484.0000000000776000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1678785309.00000000004E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Xtks4KI16J.exe PID: 1620, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikgcna32.exe PID: 5228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Idogffko.exe PID: 4484, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ipfhkgac.exe PID: 3300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ikklipqi.exe PID: 5824, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jddqaf32.exe PID: 4564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jjqijmeq.exe PID: 3632, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jgdjcadj.exe PID: 2596, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jqmnlf32.exe PID: 6748, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jkbbioja.exe PID: 4280, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Jbogli32.exe PID: 6008, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kjjlpk32.exe PID: 6668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Kkjhjn32.exe PID: 7112, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khnicb32.exe PID: 7184, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Khbbobom.exe PID: 7200, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lbmcmgck.exe PID: 7216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lqbqnc32.exe PID: 7232, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lileeqgb.exe PID: 7248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Lgqbfmlj.exe PID: 7264, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mbiciein.exe PID: 7284, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mnodnfob.exe PID: 7300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mapmoalc.exe PID: 7320, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mndmif32.exe PID: 7336, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Mhlaakam.exe PID: 7352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Maefjq32.exe PID: 7368, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nbdbdc32.exe PID: 7384, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Naipepdh.exe PID: 7400, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nnmpodcb.exe PID: 7416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Nlaqhh32.exe PID: 7432, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Njfmiegc.exe PID: 7448, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Oihnglob.exe PID: 7464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Obbofa32.exe PID: 7480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ooipkb32.exe PID: 7496, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olmpdg32.exe PID: 7512, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Olpmjffk.exe PID: 7532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Plbiofci.exe PID: 7548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pkgfpbhq.exe PID: 7572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Poeofa32.exe PID: 7588, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Pklpkb32.exe PID: 7604, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Peadik32.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: C:\Windows\SysWOW64\Peadik32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lileeqgb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pkgfpbhq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olpmjffk.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kkjhjn32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lbmcmgck.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Olmpdg32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jqmnlf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mndmif32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Njfmiegc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mapmoalc.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mbiciein.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Poeofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jjqijmeq.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pojhapkb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nnmpodcb.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lqbqnc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jbogli32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Naipepdh.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Lgqbfmlj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikgcna32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nbdbdc32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khnicb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mhlaakam.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ikklipqi.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jddqaf32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Idogffko.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ipfhkgac.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Plbiofci.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Khbbobom.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jgdjcadj.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Ooipkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Obbofa32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Nlaqhh32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Kjjlpk32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Oihnglob.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Pklpkb32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Jkbbioja.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Maefjq32.exe, type: DROPPED
Source: Yara match File source: C:\Windows\SysWOW64\Mnodnfob.exe, type: DROPPED
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1507175 Sample: Xtks4KI16J.exe Startdate: 08/09/2024 Architecture: WINDOWS Score: 100 96 Malicious sample detected (through community Yara rule) 2->96 98 Antivirus detection for URL or domain 2->98 100 Antivirus detection for dropped file 2->100 102 7 other signatures 2->102 14 Xtks4KI16J.exe 3 3 2->14         started        process3 file4 82 C:\Windows\SysWOW64\Ikgcna32.exe, PE32 14->82 dropped 84 C:\Windows\SysWOW64\Hiiodl32.dll, PE32 14->84 dropped 86 C:\Windows\...\Ikgcna32.exe:Zone.Identifier, ASCII 14->86 dropped 138 Creates an undocumented autostart registry key 14->138 140 Drops executables to the windows directory (C:\Windows) and starts them 14->140 18 Ikgcna32.exe 2 14->18         started        signatures5 process6 file7 54 C:\Windows\SysWOW64\Ojkfapce.dll, PE32 18->54 dropped 56 C:\Windows\SysWOW64\Idogffko.exe, PE32 18->56 dropped 104 Antivirus detection for dropped file 18->104 106 Machine Learning detection for dropped file 18->106 108 Drops executables to the windows directory (C:\Windows) and starts them 18->108 22 Idogffko.exe 2 18->22         started        signatures8 process9 file10 66 C:\Windows\SysWOW64\Qelfpmpj.dll, PE32 22->66 dropped 68 C:\Windows\SysWOW64\Ipfhkgac.exe, PE32 22->68 dropped 118 Antivirus detection for dropped file 22->118 120 Machine Learning detection for dropped file 22->120 122 Drops executables to the windows directory (C:\Windows) and starts them 22->122 26 Ipfhkgac.exe 2 22->26         started        signatures11 process12 file13 74 C:\Windows\SysWOW64\Pkdiefem.dll, PE32 26->74 dropped 76 C:\Windows\SysWOW64\Ikklipqi.exe, PE32 26->76 dropped 126 Antivirus detection for dropped file 26->126 128 Machine Learning detection for dropped file 26->128 130 Drops executables to the windows directory (C:\Windows) and starts them 26->130 30 Ikklipqi.exe 2 26->30         started        signatures14 process15 file16 88 C:\Windows\SysWOW64\Jddqaf32.exe, PE32 30->88 dropped 90 C:\Windows\SysWOW64behaviorgraphhhjiigd.dll, PE32 30->90 dropped 142 Antivirus detection for dropped file 30->142 144 Machine Learning detection for dropped file 30->144 146 Drops executables to the windows directory (C:\Windows) and starts them 30->146 34 Jddqaf32.exe 2 30->34         started        signatures17 process18 file19 58 C:\Windows\SysWOW64\Jjqijmeq.exe, PE32 34->58 dropped 60 C:\Windows\SysWOW64kicli32.dll, PE32 34->60 dropped 110 Antivirus detection for dropped file 34->110 112 Machine Learning detection for dropped file 34->112 114 Drops executables to the windows directory (C:\Windows) and starts them 34->114 38 Jjqijmeq.exe 2 34->38         started        signatures20 process21 file22 70 C:\Windows\SysWOW64\Jgdjcadj.exe, PE32 38->70 dropped 72 C:\Windows\SysWOW64behaviorgraphlblcojl.dll, PE32 38->72 dropped 124 Drops executables to the windows directory (C:\Windows) and starts them 38->124 42 Jgdjcadj.exe 2 38->42         started        signatures23 process24 file25 78 C:\Windows\SysWOW64\Ppgdmofd.dll, PE32 42->78 dropped 80 C:\Windows\SysWOW64\Jqmnlf32.exe, PE32 42->80 dropped 132 Antivirus detection for dropped file 42->132 134 Machine Learning detection for dropped file 42->134 136 Drops executables to the windows directory (C:\Windows) and starts them 42->136 46 Jqmnlf32.exe 2 42->46         started        signatures26 process27 file28 92 C:\Windows\SysWOW64\Jkbbioja.exe, PE32 46->92 dropped 94 C:\Windows\SysWOW64\Dblkhkce.dll, PE32 46->94 dropped 148 Drops executables to the windows directory (C:\Windows) and starts them 46->148 50 Jkbbioja.exe 2 46->50         started        signatures29 process30 file31 62 C:\Windows\SysWOW64\Jbogli32.exe, PE32 50->62 dropped 64 C:\Windows\SysWOW64\Cacope32.dll, PE32 50->64 dropped 116 Drops executables to the windows directory (C:\Windows) and starts them 50->116 signatures32
No contacted IP infos