- #njrat observations
- 12/12/2017
  - sha256 fbfbd93fa406eec618170b711abe1b01b06cef21a3c6e14f1cb10ade1676c78e
  - https://www.reverse.it/sample/fbfbd93fa406eec618170b711abe1b01b06cef21a3c6e14f1cb10ade1676c78e?environmentId=100
  - unusual non-web port (176.33.216.101 on port 1177)
  - process hierarchy [exe -> somewhat legit looking EXE name -> netsh.exe netsh firewall add allowedprogram]
  - no cmd.exe ping command found
- 12/11/2017
  - sha256 9e6d619c5835be753e903c1b6a84e8bfc0bf169ae42d53c3d8b76a8b7510a0f5
  - https://www.reverse.it/sample/9e6d619c5835be753e903c1b6a84e8bfc0bf169ae42d53c3d8b76a8b7510a0f5?environmentId=100
  - unusual non-web port (141.255.146.55 on port 8085)
  - process hierarchy [exe -> somewhat legit looking EXE name -> netsh.exe netsh firewall add allowedprogram]
  - cmd.exe ping command in strings
- 12/9/2017
  - sha256 78852535581f2d1d55f8ae1c37020e106c450d9dd67f9a47c27d86c9ae8788fd
  - https://www.reverse.it/sample/78852535581f2d1d55f8ae1c37020e106c450d9dd67f9a47c27d86c9ae8788fd?environmentId=100
  - unusual non-web port (5.2.76.91 on port 1111)
  - process hierarchy [exe -> somewhat legit looking EXE name]
  - no cmd.exe ping command found
- 12/8/2017
  - sha256 67f5691549e0eb08c6603f4cc6fd30a3549fd7a0a587fe76bc6117506657675c
  - https://www.reverse.it/sample/67f5691549e0eb08c6603f4cc6fd30a3549fd7a0a587fe76bc6117506657675c?environmentId=100
  - unusual non-web port (41.227.36.161 on port 5552)
  - process hierarchy [exe -> somewhat legit looking EXE name -> netsh.exe netsh firewall add allowedprogram]
  - cmd.exe ping command in strings
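
Added example, not part of the original paste: a Python check that flags the recurring hierarchy noted above (exe -> second exe -> netsh.exe `firewall add allowedprogram`) and pairs it with outbound connections on non-web ports, run over constructed telemetry. The event field names, the file names `invoice.exe` and `svhost.exe`, the documentation-range IPs and the `WEB_PORTS` set are assumptions.

```python
import re

WEB_PORTS = {80, 443}  # assumption: what counts as a "web" port here
NETSH_RULE = re.compile(r"\bfirewall\s+add\s+allowedprogram\b", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_chains(proc_events, net_events):
    """Flag netsh 'firewall add allowedprogram' runs and describe their ancestry."""
    procs = {p["pid"]: p for p in proc_events}
    findings = []
    for p in proc_events:
        if basename(p["image"]) != "netsh.exe" or not NETSH_RULE.search(p["cmdline"]):
            continue
        parent = procs.get(p["ppid"])
        if parent is None:
            continue  # no visibility into the spawning process
        grand = procs.get(parent["ppid"])
        # Outbound connections made by the process that spawned netsh
        odd = sorted({(n["dst"], n["port"]) for n in net_events
                      if n["pid"] == parent["pid"] and n["port"] not in WEB_PORTS})
        findings.append({
            "chain": [basename(x["image"]) for x in (grand, parent, p) if x],
            "non_web_connections": odd,
            # Full three-step chain plus a non-web connection matches the notes above
            "severity": "high" if grand and odd else "medium",
        })
    return findings

# Constructed telemetry (not taken from the sandbox reports); port 1177 mirrors the notes
PROC_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Users\u\Downloads\invoice.exe", "cmdline": "invoice.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\AppData\Local\Temp\svhost.exe", "cmdline": "svhost.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\u\AppData\Local\Temp\svhost.exe" "svhost.exe" ENABLE'},
    {"pid": 400, "ppid": 1, "image": r"C:\Windows\System32\netsh.exe", "cmdline": "netsh interface show interface"},
]
NET_EVENTS = [
    {"pid": 200, "dst": "192.0.2.10", "port": 1177},
    {"pid": 200, "dst": "198.51.100.7", "port": 443},
]

if __name__ == "__main__":
    for finding in find_chains(PROC_EVENTS, NET_EVENTS):
        print(finding)
```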