General
-
Target
10b39a7b4cc868c0bb82b9c379dacca3128a3d895534ceb3f4530254283df714
-
Size
93KB
-
Sample
220520-1avt4aghan
-
MD5
11c813cb79e7eea0425a08f23310f453
-
SHA1
d28dda7daf5adbaef897dfd64777d2fcc828dd39
-
SHA256
10b39a7b4cc868c0bb82b9c379dacca3128a3d895534ceb3f4530254283df714
-
SHA512
99f686f50aceb451317083cae0f628297c0723af77209de65688240634b35be2b4651f11cb7e496939a6d39f885d97c3d6dde437715a3adbea0df2ee92705f00
Behavioral task
behavioral1
Sample
10b39a7b4cc868c0bb82b9c379dacca3128a3d895534ceb3f4530254283df714.exe
Resource
win7-20220414-en
Malware Config
Extracted
njrat
0.7d
system32
FRANSESCOC50Y3Aubmdyb2suaW8Strik:MTU3NDU=
6c3e5ffb4e89d90516803c294c8c707b
-
reg_key
6c3e5ffb4e89d90516803c294c8c707b
-
splitter
|'|'|
Targets
-
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Drops file in System32 directory
-