General
-
Target
098228c41a3a687a644f54adb173337776854baef18398bb10acd79cd5c557c8
-
Size
3.0MB
-
Sample
220222-1frdvsfdam
-
MD5
7dfe40654aabe873de1ce8c96e43bb23
-
SHA1
49fc0259f3fe7b3a323cbf7c0e35e648b26fdd40
-
SHA256
098228c41a3a687a644f54adb173337776854baef18398bb10acd79cd5c557c8
-
SHA512
62d78d1fd2967ab80d57f0cd5eb886ec01380ca9b640f3f0ccde7acd1a2a5d99e7e33eace114930cb0173d34bde6f4afd6a09e32a6cbf84860f62815ebf0d7fa
Malware Config
Extracted
njrat
0.7d
Hacker
topgamer.duckdns.org:1177
4105d230e42c61d705eedcc9d12118e9
-
reg_key
4105d230e42c61d705eedcc9d12118e9
-
splitter
|'|'|
Targets
-
-
Target
098228c41a3a687a644f54adb173337776854baef18398bb10acd79cd5c557c8
-
Size
3.0MB
-
MD5
7dfe40654aabe873de1ce8c96e43bb23
-
SHA1
49fc0259f3fe7b3a323cbf7c0e35e648b26fdd40
-
SHA256
098228c41a3a687a644f54adb173337776854baef18398bb10acd79cd5c557c8
-
SHA512
62d78d1fd2967ab80d57f0cd5eb886ec01380ca9b640f3f0ccde7acd1a2a5d99e7e33eace114930cb0173d34bde6f4afd6a09e32a6cbf84860f62815ebf0d7fa
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-