General
-
Target
4b54e7e3f754a52d0ed013cd376c069bfdb9e457d134d862b4303691cab03849
-
Size
37KB
-
Sample
220520-3fgkrsbgbm
-
MD5
b98d25a30a0472eea9a8ead6009a853c
-
SHA1
e91b5cfbe442299bf72924422e856424087e9a7e
-
SHA256
4b54e7e3f754a52d0ed013cd376c069bfdb9e457d134d862b4303691cab03849
-
SHA512
4c6ddeddc304ebff72846d115c63f9fe8889f11b44ec5623da22628b5ba258b5b716a02c6722ca483dd466f09db5eea2201af2af8837bc886b9b89c4d4c90314
Malware Config
Extracted
njrat
im523
shareman.exe
ayezhiznboram.ddns.net:6344
4bdbd1da64cfae6714664f169be7c0ed
-
reg_key
4bdbd1da64cfae6714664f169be7c0ed
-
splitter
|'|'|
Targets
-
-
Target
4b54e7e3f754a52d0ed013cd376c069bfdb9e457d134d862b4303691cab03849
-
Size
37KB
-
MD5
b98d25a30a0472eea9a8ead6009a853c
-
SHA1
e91b5cfbe442299bf72924422e856424087e9a7e
-
SHA256
4b54e7e3f754a52d0ed013cd376c069bfdb9e457d134d862b4303691cab03849
-
SHA512
4c6ddeddc304ebff72846d115c63f9fe8889f11b44ec5623da22628b5ba258b5b716a02c6722ca483dd466f09db5eea2201af2af8837bc886b9b89c4d4c90314
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-