General
-
Target
5bc61eac5924ae54482ad0cf13de3d954c204acf40675b68ec9f34a58987b3ab
-
Size
37KB
-
Sample
220521-aa45nahhf2
-
MD5
94d375e6fd23e82da61417bcdbd3c50a
-
SHA1
e3395b38c627551f3100e2c42854ee50dfab9af2
-
SHA256
5bc61eac5924ae54482ad0cf13de3d954c204acf40675b68ec9f34a58987b3ab
-
SHA512
a4c24474972d0457830266173bdae4cb15a1045997f3f313297899ad568f0e7e16fdd07eb2607f11f041ec751fda97fc9480fa5232e689551c6b1de705afccb1
Malware Config
Extracted
njrat
im523
HacKed
188.163.97.125:21
a9e76bee46dc0a4e93b0f47bb4fdbb28
-
reg_key
a9e76bee46dc0a4e93b0f47bb4fdbb28
-
splitter
|'|'|
Targets
-
-
Target
5bc61eac5924ae54482ad0cf13de3d954c204acf40675b68ec9f34a58987b3ab
-
Size
37KB
-
MD5
94d375e6fd23e82da61417bcdbd3c50a
-
SHA1
e3395b38c627551f3100e2c42854ee50dfab9af2
-
SHA256
5bc61eac5924ae54482ad0cf13de3d954c204acf40675b68ec9f34a58987b3ab
-
SHA512
a4c24474972d0457830266173bdae4cb15a1045997f3f313297899ad568f0e7e16fdd07eb2607f11f041ec751fda97fc9480fa5232e689551c6b1de705afccb1
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-