![]() ![]() The collected data is saved in %TEMP%\.exe.tmp and can then be uploaded to a remote server.īackdoor:MSIL/ Bladabindi can also receive the following backdoor commands: ![]() This means a malicious hacker can get access to your user names and passwords. It checks for camera drivers and installs a DLL plugin so it can record and upload the video to a remote malicious hacker. The malware can also use your PC camera to record and steal your personal information. Your PC name, country and serial numberīladabindi variants can also steal information such as your:.This means they can steal your sensitive information, including: Payloadīackdoor:MSIL/ Bladabindi gives a malicious hacker backdoor access to your PC. The malicious file can also be downloaded by other malware, or spread though malicious links and hacked websites.īackdoor:MSIL/ Bladabindi can also be downloaded by recent variants of the Worm:VBS/Jenxcus family and a dedicated downloader that we detect as TrojanDownloader:MSIL/ Bladabindi. This makes it seem as if nothing malicious happened. When you click on the shortcut the malware is launched and Windows Explorer is opened. They create a shortcut file with the name and folder icon of the drive. Some Bladabindi variants copy themselves to the root folder of a removable drive. Variants in this family can be installed on your PC when you open a spam email and open an attachment or click a malicious link. With data: also runs net.exe to add itself to the firewall exclusion list and bypass your firewall. It may also create the following registry keys to mark its infection: In subkey: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run In subkey: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run It may also change the following registry entry so that it runs each time you start your PC: It may copy itself to the following location to make sure it runs each time you start your PC: The threat copies itself to one of the following locations with a variable name, for example %TEMP%\ svhost.exe: The following are some sample file icons used by Bladabindi. This means Bladabindi can have any number of icons designed to mislead you into running the file. NJ Rat is publicly available and lets a malicious hacker choose the icon of the malware file it creates. We detect NJ Rat as VirTool:MSIL/Bladabindi.A. Bladabindi variants can be created using a malicious hacker tool known as NJ Rat. ![]()
0 Comments
Leave a Reply. |