General
-
Target
6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
-
Size
82KB
-
Sample
210916-q8pqmadef6
-
MD5
42f06a2dd04a0b84c019557cc07f0cb6
-
SHA1
9f8b00c0cefd6e80ed813ac25b55b57e1289c724
-
SHA256
6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998
-
SHA512
15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556
Malware Config
Extracted
njrat
0.7 MultiHost
000000
karmina112.sytes.net,karmina115.sytes.net,burdun.dynu.net,burdun115.dynu.net,anunankis3.duckdns.org:1177
670b14728ad9902aecba32e22fa4f6bd
-
reg_key
670b14728ad9902aecba32e22fa4f6bd
-
splitter
|'|'|
Targets
-
-
Target
6C8F0805290D03AB8FE1D2E21EAF62B80AB8677C43027.exe
-
Size
82KB
-
MD5
42f06a2dd04a0b84c019557cc07f0cb6
-
SHA1
9f8b00c0cefd6e80ed813ac25b55b57e1289c724
-
SHA256
6c8f0805290d03ab8fe1d2e21eaf62b80ab8677c430272f23dea52de6e4d8998
-
SHA512
15228012f88fb714d868aec24574c532bb49a7f56ebdd8a97922d0a569a37c6f112cdb1224db37df50196c9cc08c07e90a1f72c26978adaaeec12212ef9a9556
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-