General
-
Target
3e9a4599cb3b29f9810a7d61282e2d4db15ba7df233752a0511502cdba1257fe
-
Size
23KB
-
Sample
220520-z7x52sdeh6
-
MD5
2b62029610cb89bbe65f3eb0f956ad31
-
SHA1
3d7f8201bbf8b142abbad91b91681dca2a996db9
-
SHA256
3e9a4599cb3b29f9810a7d61282e2d4db15ba7df233752a0511502cdba1257fe
-
SHA512
597c24b5ad3cb32c96b8b01c31952b637ca662c37d534cedc37fe6849973bdc1c15c439e262ef64521c7cbd2c1c460edabfde45422c7f2a1b34003fa5dedabb5
Malware Config
Extracted
njrat
0.7d
Youtube
170.78.228.248:4000
74f1c9503f78c09efe5ac6b8a9f55c1f
-
reg_key
74f1c9503f78c09efe5ac6b8a9f55c1f
-
splitter
|'|'|
Targets
-
-
Target
3e9a4599cb3b29f9810a7d61282e2d4db15ba7df233752a0511502cdba1257fe
-
Size
23KB
-
MD5
2b62029610cb89bbe65f3eb0f956ad31
-
SHA1
3d7f8201bbf8b142abbad91b91681dca2a996db9
-
SHA256
3e9a4599cb3b29f9810a7d61282e2d4db15ba7df233752a0511502cdba1257fe
-
SHA512
597c24b5ad3cb32c96b8b01c31952b637ca662c37d534cedc37fe6849973bdc1c15c439e262ef64521c7cbd2c1c460edabfde45422c7f2a1b34003fa5dedabb5
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-