General
-
Target
431cba1cfb123d9f7cd3d1bbf91a66ea1cc1f4d8a30f86d794ed75d1b521664d
-
Size
23KB
-
Sample
220524-w2p1psdah3
-
MD5
4ea1665eb888da8c049a453acc38b547
-
SHA1
211a4143dc0b7daa35c325b8c7d75a4bb21eca58
-
SHA256
431cba1cfb123d9f7cd3d1bbf91a66ea1cc1f4d8a30f86d794ed75d1b521664d
-
SHA512
59a137aaecc7cb74a1dec3969670c68bfde376c319b0df735eb13a8dca4b3999bbada2b9c867483ead4c3cb4f180f812b31b8053808b5ba829b1fc001d0ae9dc
Malware Config
Extracted
njrat
0.7d
YOUTUBE
fnhost1.ddns.net:1177
1bd172ac77b29bf1fd15d0de8a995ae1
-
reg_key
1bd172ac77b29bf1fd15d0de8a995ae1
-
splitter
|'|'|
Targets
-
-
Target
431cba1cfb123d9f7cd3d1bbf91a66ea1cc1f4d8a30f86d794ed75d1b521664d
-
Size
23KB
-
MD5
4ea1665eb888da8c049a453acc38b547
-
SHA1
211a4143dc0b7daa35c325b8c7d75a4bb21eca58
-
SHA256
431cba1cfb123d9f7cd3d1bbf91a66ea1cc1f4d8a30f86d794ed75d1b521664d
-
SHA512
59a137aaecc7cb74a1dec3969670c68bfde376c319b0df735eb13a8dca4b3999bbada2b9c867483ead4c3cb4f180f812b31b8053808b5ba829b1fc001d0ae9dc
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-