General
-
Target
b2d8f78612e7a3ec0f5aacaafa031904368b19899eeac158ed93a00bbdc243cb
-
Size
23KB
-
Sample
220521-m1swjacgh7
-
MD5
62613fd09b9acaba8a27dd636fbfcd86
-
SHA1
1c3a7ef93cea4d7d3829f2f35ffb5ba60f64266a
-
SHA256
b2d8f78612e7a3ec0f5aacaafa031904368b19899eeac158ed93a00bbdc243cb
-
SHA512
23a21797c1a6a108373fb96006679e394a32e5a0e91062abe8127bbf69827415c341056455537d0a334ef7849e972a0130b300a11bffa8f79a1ad226dc69d8f5
Malware Config
Extracted
njrat
0.7d
Got em
drontchanging-24954.portmap.io:24954
0f4e54c4009d96e7c18f12042dfb80d6
-
reg_key
0f4e54c4009d96e7c18f12042dfb80d6
-
splitter
|'|'|
Targets
-
-
Target
b2d8f78612e7a3ec0f5aacaafa031904368b19899eeac158ed93a00bbdc243cb
-
Size
23KB
-
MD5
62613fd09b9acaba8a27dd636fbfcd86
-
SHA1
1c3a7ef93cea4d7d3829f2f35ffb5ba60f64266a
-
SHA256
b2d8f78612e7a3ec0f5aacaafa031904368b19899eeac158ed93a00bbdc243cb
-
SHA512
23a21797c1a6a108373fb96006679e394a32e5a0e91062abe8127bbf69827415c341056455537d0a334ef7849e972a0130b300a11bffa8f79a1ad226dc69d8f5
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-