General
-
Target
Doc_CompanyPROFILE_Quote30062021.exe
-
Size
689KB
-
Sample
210630-te8pmehq62
-
MD5
d07f6d4d26c2fce6d6fcaedb2c9de1c2
-
SHA1
1bb5bb489d633cef59cb4d34d627aea811dad7fd
-
SHA256
b23fac3382a51f1910438bce97a602ced4b5509fe28f323cde76a60914d83c8d
-
SHA512
da5955dceb2dad9fdede9cc1c59f0ab995f3b5fd74b3a42e9d49019a8fde9948273bc664f616d11f4b232b236a7f2f96f8aeb594ecde682f77ea0375cb675935
Malware Config
Extracted
njrat
0.7d
2021$$$
194.5.98.210:4040
0ef5de3f5b1fb89677ba03e41fa0a05a
-
reg_key
0ef5de3f5b1fb89677ba03e41fa0a05a
-
splitter
|'|'|
Targets
-
-
Target
Doc_CompanyPROFILE_Quote30062021.exe
-
Size
689KB
-
MD5
d07f6d4d26c2fce6d6fcaedb2c9de1c2
-
SHA1
1bb5bb489d633cef59cb4d34d627aea811dad7fd
-
SHA256
b23fac3382a51f1910438bce97a602ced4b5509fe28f323cde76a60914d83c8d
-
SHA512
da5955dceb2dad9fdede9cc1c59f0ab995f3b5fd74b3a42e9d49019a8fde9948273bc664f616d11f4b232b236a7f2f96f8aeb594ecde682f77ea0375cb675935
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-