General
-
Target
1c77c5ee1ca58fcc263739ebb1912fd5ef3f234960123132695646f793e9c202
-
Size
132KB
-
Sample
220607-sj2d8shgf4
-
MD5
7a5141d5681b79d64e8b0c7a19785881
-
SHA1
c85ee9fd78fce19b5418bd1a65b5697ccf0d0217
-
SHA256
1c77c5ee1ca58fcc263739ebb1912fd5ef3f234960123132695646f793e9c202
-
SHA512
2ae457093a18d3427804f36b21377e5f2fc5529a4e00e74b97ef106fae4783247c7b97b02808b089baeb5bda6252fca4cdf72ef66141f6269ceb97b1cbf6a321
Malware Config
Extracted
njrat
0.7d
Public
ddns81.airdns.org:18681
a319f91b31a91d1c47b040e22bd78fcd
-
reg_key
a319f91b31a91d1c47b040e22bd78fcd
-
splitter
|'|'|
Targets
-
-
Target
1c77c5ee1ca58fcc263739ebb1912fd5ef3f234960123132695646f793e9c202
-
Size
132KB
-
MD5
7a5141d5681b79d64e8b0c7a19785881
-
SHA1
c85ee9fd78fce19b5418bd1a65b5697ccf0d0217
-
SHA256
1c77c5ee1ca58fcc263739ebb1912fd5ef3f234960123132695646f793e9c202
-
SHA512
2ae457093a18d3427804f36b21377e5f2fc5529a4e00e74b97ef106fae4783247c7b97b02808b089baeb5bda6252fca4cdf72ef66141f6269ceb97b1cbf6a321
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-