General
-
Target
1aea4cc5eed0fbf9bc14cecbab4b67a90754cb303eff6948ef147f7afa813eb4
-
Size
23KB
-
Sample
220520-qrty1sdhc9
-
MD5
264cc8acfd74b2dc61c4601ebed22625
-
SHA1
4d34a5a2f1cfeb7841bfe6ae06d4dc5075da557c
-
SHA256
1aea4cc5eed0fbf9bc14cecbab4b67a90754cb303eff6948ef147f7afa813eb4
-
SHA512
8eeb2615c76fcd9ba9a6e6859fcf3d85ecbb46694bd0c5be20506f0fbe0ff67727985c592cf80a91011468696006592081556ef9ac1e65754054a6dac245da9f
Malware Config
Extracted
njrat
0.7d
HacKed
ranjeethubb-47583.portmap.io:47583
784d648927e34213cad028b43aa070c4
-
reg_key
784d648927e34213cad028b43aa070c4
-
splitter
|'|'|
Targets
-
-
Target
1aea4cc5eed0fbf9bc14cecbab4b67a90754cb303eff6948ef147f7afa813eb4
-
Size
23KB
-
MD5
264cc8acfd74b2dc61c4601ebed22625
-
SHA1
4d34a5a2f1cfeb7841bfe6ae06d4dc5075da557c
-
SHA256
1aea4cc5eed0fbf9bc14cecbab4b67a90754cb303eff6948ef147f7afa813eb4
-
SHA512
8eeb2615c76fcd9ba9a6e6859fcf3d85ecbb46694bd0c5be20506f0fbe0ff67727985c592cf80a91011468696006592081556ef9ac1e65754054a6dac245da9f
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-