General
-
Target
a362c2afa98445c495ec772e7e8f45563ee5eaffc1871cb25765ce550f96038e
-
Size
37KB
-
Sample
220520-eymmqscdfm
-
MD5
ffb6793c30c2ac4f9c503aeab317b905
-
SHA1
a9c6544178898a507cbf4c2082423a9a0ed78a15
-
SHA256
a362c2afa98445c495ec772e7e8f45563ee5eaffc1871cb25765ce550f96038e
-
SHA512
57ffe84654d433ce1d3e832b4fa2754d6aa81b21df558482fb844663b394d600416119a54c57f2747baf295a03e66bee772ae5fdc4877302c19ad39267dcfdbb
Malware Config
Extracted
njrat
im523
HacKed
188.163.97.125:2222
2316a783ce0100ca51ebc2fa73afbbbd
-
reg_key
2316a783ce0100ca51ebc2fa73afbbbd
-
splitter
|'|'|
Targets
-
-
Target
a362c2afa98445c495ec772e7e8f45563ee5eaffc1871cb25765ce550f96038e
-
Size
37KB
-
MD5
ffb6793c30c2ac4f9c503aeab317b905
-
SHA1
a9c6544178898a507cbf4c2082423a9a0ed78a15
-
SHA256
a362c2afa98445c495ec772e7e8f45563ee5eaffc1871cb25765ce550f96038e
-
SHA512
57ffe84654d433ce1d3e832b4fa2754d6aa81b21df558482fb844663b394d600416119a54c57f2747baf295a03e66bee772ae5fdc4877302c19ad39267dcfdbb
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-