General
-
Target
36c366de8e6d262c0f029833d725597fd619e6843aee387978ca05da693680a7
-
Size
31KB
-
Sample
220626-bye14sdhh9
-
MD5
716dd57297984bcfacb7f0c26b321fe6
-
SHA1
8b25556b9a9445972aefc803c428a1c8bb50d5dc
-
SHA256
36c366de8e6d262c0f029833d725597fd619e6843aee387978ca05da693680a7
-
SHA512
d390e7e6d1573a036555369d4ca4d66c51d76b6f2cb86a80c6550192074fe86dad1dc9dbf1f642573534afe5dfdcf672cd812670b84bc3e786e58502bf277776
Malware Config
Extracted
njrat
0.7d
Testtttttt
ruleshack.ddns.net:117
237660af80cc1ce34dfa65291fb1070d
-
reg_key
237660af80cc1ce34dfa65291fb1070d
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
36c366de8e6d262c0f029833d725597fd619e6843aee387978ca05da693680a7
-
Size
31KB
-
MD5
716dd57297984bcfacb7f0c26b321fe6
-
SHA1
8b25556b9a9445972aefc803c428a1c8bb50d5dc
-
SHA256
36c366de8e6d262c0f029833d725597fd619e6843aee387978ca05da693680a7
-
SHA512
d390e7e6d1573a036555369d4ca4d66c51d76b6f2cb86a80c6550192074fe86dad1dc9dbf1f642573534afe5dfdcf672cd812670b84bc3e786e58502bf277776
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-