General
-
Target
af6b174b10f33702e21eb411d5fc31292efed525cd890272fc2106d369e0dbc3
-
Size
31KB
-
Sample
220520-29atmsbden
-
MD5
62c337ee155d4fa14aa8167dc0bdea39
-
SHA1
78c8ef2e1d7940774d79784b3b2806f440d2a122
-
SHA256
af6b174b10f33702e21eb411d5fc31292efed525cd890272fc2106d369e0dbc3
-
SHA512
57646c960ff8b3695096229438556aa0b1227d85319e940f0c6a592fa3209ffc8feaed8bad5fc44421af052e607175b16a07b1a9248f09582cb22046d9fa3afe
Malware Config
Extracted
njrat
0.7d
MyBot
ggwp90wp.hopto.org:80
b911e107642d6002d2b783984c2e57a9
-
reg_key
b911e107642d6002d2b783984c2e57a9
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
af6b174b10f33702e21eb411d5fc31292efed525cd890272fc2106d369e0dbc3
-
Size
31KB
-
MD5
62c337ee155d4fa14aa8167dc0bdea39
-
SHA1
78c8ef2e1d7940774d79784b3b2806f440d2a122
-
SHA256
af6b174b10f33702e21eb411d5fc31292efed525cd890272fc2106d369e0dbc3
-
SHA512
57646c960ff8b3695096229438556aa0b1227d85319e940f0c6a592fa3209ffc8feaed8bad5fc44421af052e607175b16a07b1a9248f09582cb22046d9fa3afe
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-