General
-
Target
0204b722786e270be625c051d81917661e5feed72dfe42493ab402e0067b84c5
-
Size
37KB
-
Sample
220520-fbm6esdcaj
-
MD5
0478fc8beb0b480a94f28c2bb4f62809
-
SHA1
3da4a92531403995ffaff9f0007d0821ca6cac4b
-
SHA256
0204b722786e270be625c051d81917661e5feed72dfe42493ab402e0067b84c5
-
SHA512
7fc9935cf7e671667a2e445e84d6bb5b04698418feb57dc0e1acc58ccd73d2cdab035086308c73f4d2ebb2e65d529656fc524cdfe5919336010abce227114d59
Malware Config
Extracted
njrat
im523
HacKed
127.0.0.1:5552
984559f52d4087243e95e5ad9bb48e8d
-
reg_key
984559f52d4087243e95e5ad9bb48e8d
-
splitter
|'|'|
Targets
-
-
Target
0204b722786e270be625c051d81917661e5feed72dfe42493ab402e0067b84c5
-
Size
37KB
-
MD5
0478fc8beb0b480a94f28c2bb4f62809
-
SHA1
3da4a92531403995ffaff9f0007d0821ca6cac4b
-
SHA256
0204b722786e270be625c051d81917661e5feed72dfe42493ab402e0067b84c5
-
SHA512
7fc9935cf7e671667a2e445e84d6bb5b04698418feb57dc0e1acc58ccd73d2cdab035086308c73f4d2ebb2e65d529656fc524cdfe5919336010abce227114d59
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-