General
-
Target
9a4ec6b06682a36705365f027947859f0ae5b5883bc31dc0460f224f2501fb60
-
Size
5.3MB
-
Sample
220520-3s4aascdaq
-
MD5
aae3c28cbe57932f7916d0a9d7db6baa
-
SHA1
55e6340e67dec2470dd61a7fb235636ed813623c
-
SHA256
9a4ec6b06682a36705365f027947859f0ae5b5883bc31dc0460f224f2501fb60
-
SHA512
4cde79d3b953fe5e768c1d7b9acd90242e01add92c654ac8a63b9fa6e199169b715786c4a917fe3624ae0b10340918d9b83a1f7f69a75b79cf62e85bd9df72dc
Malware Config
Extracted
njrat
0.7d
Windows
195.123.210.61:3003
ede277fb5affe7dc0052cadbd3bda25a
-
reg_key
ede277fb5affe7dc0052cadbd3bda25a
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
9a4ec6b06682a36705365f027947859f0ae5b5883bc31dc0460f224f2501fb60
-
Size
5.3MB
-
MD5
aae3c28cbe57932f7916d0a9d7db6baa
-
SHA1
55e6340e67dec2470dd61a7fb235636ed813623c
-
SHA256
9a4ec6b06682a36705365f027947859f0ae5b5883bc31dc0460f224f2501fb60
-
SHA512
4cde79d3b953fe5e768c1d7b9acd90242e01add92c654ac8a63b9fa6e199169b715786c4a917fe3624ae0b10340918d9b83a1f7f69a75b79cf62e85bd9df72dc
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-