General
-
Target
999e3e79844299f643e2addfc8b8142f090be16a56c287d73e97179085a91905
-
Size
203KB
-
Sample
220521-af42vaabg7
-
MD5
80ad24837a1502c5137eff0689879e87
-
SHA1
5189989a7000c8b54164b5217b3813d5025ec72d
-
SHA256
999e3e79844299f643e2addfc8b8142f090be16a56c287d73e97179085a91905
-
SHA512
6ea82775a0c6d401b22e3ac267aa2345465d8e95529f650636e0d0dab9757d1eda6faafd5e0abcba585d1f430085ad686232189ee23da0ad20e0aaaf3ad30e07
Malware Config
Extracted
njrat
im523
Biomusor
valeraservice.hopto.org:3725
c09891880ad4e747f696c8d81f2ec88b
-
reg_key
c09891880ad4e747f696c8d81f2ec88b
-
splitter
|'|'|
Targets
-
-
Target
999e3e79844299f643e2addfc8b8142f090be16a56c287d73e97179085a91905
-
Size
203KB
-
MD5
80ad24837a1502c5137eff0689879e87
-
SHA1
5189989a7000c8b54164b5217b3813d5025ec72d
-
SHA256
999e3e79844299f643e2addfc8b8142f090be16a56c287d73e97179085a91905
-
SHA512
6ea82775a0c6d401b22e3ac267aa2345465d8e95529f650636e0d0dab9757d1eda6faafd5e0abcba585d1f430085ad686232189ee23da0ad20e0aaaf3ad30e07
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-