General
-
Target
94ddab9bf418a816979e7e1ad9dc43c71c00923c5f8f1ff80523e90f6c6947ae
-
Size
31KB
-
Sample
220520-3khzdsbhhp
-
MD5
9d133a0834ae64b62ee98388ea870a02
-
SHA1
0d9bcb4560c22e36d304ca23c1b2bff757dd4ee0
-
SHA256
94ddab9bf418a816979e7e1ad9dc43c71c00923c5f8f1ff80523e90f6c6947ae
-
SHA512
5e95130a3b7f2de70a346b87dcca04a21b800efe5c2bb570b7affc61acd8009e363ba328354ff17fa48807fb739610bf79cea0cdd3e770dc90da64b3b3c2a3b8
Malware Config
Extracted
njrat
0.7d
username
helpmepls123.ddns.net:6522
997fb9a584520c7d72161d82bec2816f
-
reg_key
997fb9a584520c7d72161d82bec2816f
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
94ddab9bf418a816979e7e1ad9dc43c71c00923c5f8f1ff80523e90f6c6947ae
-
Size
31KB
-
MD5
9d133a0834ae64b62ee98388ea870a02
-
SHA1
0d9bcb4560c22e36d304ca23c1b2bff757dd4ee0
-
SHA256
94ddab9bf418a816979e7e1ad9dc43c71c00923c5f8f1ff80523e90f6c6947ae
-
SHA512
5e95130a3b7f2de70a346b87dcca04a21b800efe5c2bb570b7affc61acd8009e363ba328354ff17fa48807fb739610bf79cea0cdd3e770dc90da64b3b3c2a3b8
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-