General
-
Target
330e51626616cb57052ff32e5a1ecddc04a50a4e107afdc6af4ee7fd118c8e6c
-
Size
298KB
-
Sample
220520-1l4alshcam
-
MD5
53ecd4993029fae047fb6f118b8817b6
-
SHA1
202e89dd6424cc009c8ea5a41188fae41ad85155
-
SHA256
330e51626616cb57052ff32e5a1ecddc04a50a4e107afdc6af4ee7fd118c8e6c
-
SHA512
4038342e2500025bab9e8c0f57a81449494accfd90b89a93f40ccaef1fa9fc39eac5e37f03c4e96278cd1bad19d09459ee82aa56d9cbedf3d98f145da8fabb2f
Malware Config
Extracted
njrat
im523
svchost.exe
192.168.0.100:1604
3f97945adf60540bc81f42cfa0c81e0c
-
reg_key
3f97945adf60540bc81f42cfa0c81e0c
-
splitter
|'|'|
Targets
-
-
Target
330e51626616cb57052ff32e5a1ecddc04a50a4e107afdc6af4ee7fd118c8e6c
-
Size
298KB
-
MD5
53ecd4993029fae047fb6f118b8817b6
-
SHA1
202e89dd6424cc009c8ea5a41188fae41ad85155
-
SHA256
330e51626616cb57052ff32e5a1ecddc04a50a4e107afdc6af4ee7fd118c8e6c
-
SHA512
4038342e2500025bab9e8c0f57a81449494accfd90b89a93f40ccaef1fa9fc39eac5e37f03c4e96278cd1bad19d09459ee82aa56d9cbedf3d98f145da8fabb2f
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-