ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port

Database Entry

IOC ID: 294846
IOC Type: ip:port
Threat Type: botnet_cc
Malware: NjRAT
Malware alias: Bladabindi
Confidence Level: High (100%)
First seen: 2022-01-13 21:45:29 UTC
Last seen: never
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: Bladabindi, njrat

MITRE T1566.001
Date: Fri, 14 Jan 2022 05:00-05:30 +0800
Received: from (
Received: by (Authenticated sender: with ESMTPA id 8F1D24017D; Thu, 13 Jan 2022 16:15:20 -0500 (EST)
From: "Vhoang Gabriel"<>
Subject: Payment Receipt...
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0128_01C2A9A6.5DDF22A2"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Classification-ID: 7424933c-b5e9-4b24-8a9f-84c0699b5a24-1-1
Message-ID: <>
To: Undisclosed recipients:;
Attachment Name: A81N2M36C_INV0ICE_RECEIPT.iso
powerdrinkers_and_powerisos SHA256: da7700879e6013d9dad54b7f65375fd84a0988a6297e510d0130720d5c8fcfdb
Contained Executable Name: A81N2M36C_INV0ICE_RECEIPT.exe
Executable SHA256: 0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143
Unpacked NjRAT Executable SHA256: a40caae7441c3e44dd934fa3bbc615465603fc89abb6256965adb3c29805b1d5

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC) | SHA256 hash | Bazaar
2022-01-13 22:32:09 | 0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143 |