General
-
Target
8A8C9E7B5E9ED6E2C7D66DC768A8702073263730FACC8.exe
-
Size
43KB
-
Sample
220519-g5aymabha6
-
MD5
3b55809e2326045149325b153cbeef00
-
SHA1
0df1e0201205eba38ace968587ee43421e902857
-
SHA256
8a8c9e7b5e9ed6e2c7d66dc768a8702073263730facc85095919727220e2a436
-
SHA512
38cf449b20dccec6c78d0cbeb3f5a8868b7e5cb9f0a7175473c4cf137187a937c74df7852d7aebb8dde51151bae07036023af1bfc3b4f45487d96719f015b26e
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
topher
eses46.noip.me:1605
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Targets
-
-
Target
8A8C9E7B5E9ED6E2C7D66DC768A8702073263730FACC8.exe
-
Size
43KB
-
MD5
3b55809e2326045149325b153cbeef00
-
SHA1
0df1e0201205eba38ace968587ee43421e902857
-
SHA256
8a8c9e7b5e9ed6e2c7d66dc768a8702073263730facc85095919727220e2a436
-
SHA512
38cf449b20dccec6c78d0cbeb3f5a8868b7e5cb9f0a7175473c4cf137187a937c74df7852d7aebb8dde51151bae07036023af1bfc3b4f45487d96719f015b26e
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-