General
-
Target
0df3ade3af4c875ce8e834ad1c4e8052148173d8d95e757454279454a11c311f
-
Size
4.8MB
-
Sample
220525-cq6drsbgar
-
MD5
b34ac778e2e106c5d747e6f33f01a863
-
SHA1
c17521f2ddb2a538158ce7f9cc44ada2f61c40aa
-
SHA256
0df3ade3af4c875ce8e834ad1c4e8052148173d8d95e757454279454a11c311f
-
SHA512
cee1861805d3875073410722e728570b185d5701a16d6c32c7adc54d2ad6e633f08dbc709f71ea3fbc151eb824830d6fb2ff63d08a3ccf4f15b74dc26da05c0f
Malware Config
Extracted
njrat
0.7d
System
videobabshering.ru:3389
b21bc800264adb97f1965cc7df1cb800
-
reg_key
b21bc800264adb97f1965cc7df1cb800
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
0df3ade3af4c875ce8e834ad1c4e8052148173d8d95e757454279454a11c311f
-
Size
4.8MB
-
MD5
b34ac778e2e106c5d747e6f33f01a863
-
SHA1
c17521f2ddb2a538158ce7f9cc44ada2f61c40aa
-
SHA256
0df3ade3af4c875ce8e834ad1c4e8052148173d8d95e757454279454a11c311f
-
SHA512
cee1861805d3875073410722e728570b185d5701a16d6c32c7adc54d2ad6e633f08dbc709f71ea3fbc151eb824830d6fb2ff63d08a3ccf4f15b74dc26da05c0f
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-