There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
Tags
Common Information
Type | Value |
---|---|
UUID | d6c0de02-2515-48ba-a9c3-c360789947d9 |
Fingerprint | ac141f0ba933375b |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 1, 2020, 7 p.m. |
Added to db | Sept. 11, 2022, 12:30 p.m. |
Last updated | Dec. 23, 2024, 10:10 a.m. |
Headline | Sonatype Blog |
Title | There’s a RAT in my code: new npm malware with Bladabindi trojan spotted |
Detected Hints/Tags/Attributes | 58/2/16 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 25 | dl.dropbox.com |
|
Details | File | 2 | jdb.js |
|
Details | File | 2 | db-json.js |
|
Details | File | 3 | discord.dll |
|
Details | File | 169 | package.json |
|
Details | File | 4 | module.js |
|
Details | File | 15 | patch.exe |
|
Details | File | 1 | dchps.exe |
|
Details | File | 1 | c:\users\admin\appdata\local\temp\dchps.exe |
|
Details | File | 2 | pass.exe |
|
Details | File | 1 | dbmanager.js |
|
Details | File | 1 | 'jdb.js |
|
Details | sha256 | 2 | d6c04cc24598c63e1d561768663808ff43a73d3876aee17d90e2ea01ee9540ff |
|
Details | sha256 | 2 | 86c11e56a1a3fed321e9ddc191601a318148b4d3e40c96f1764bfa05c5dbf212 |
|
Details | IPv4 | 3 | 46.185.116.2 |
|
Details | Url | 1 | https://dl.dropbox.com/s/p84aaz28t0hepul/pass.exe |