General
-
Target
9625a01a03d5251f2b8b083cc2b8a4672aaf58e12cfd43697d0f14f786260258
-
Size
37KB
-
Sample
220630-wcztlsgdd9
-
MD5
b14b1db088161ff6ade20058c947da24
-
SHA1
9f8f8df3567d55a68cf3475d359f69333f052eb1
-
SHA256
9625a01a03d5251f2b8b083cc2b8a4672aaf58e12cfd43697d0f14f786260258
-
SHA512
8096db851a0df5f04a796825f762cf833787c48c904db1dfab853114ef83d7b064789a5955622213b71270589784378e6a7399f5827a3f9deefbf54d1a4f952e
Malware Config
Extracted
njrat
im523
HacKed
mikus293.ddns.net:8808
d7d375792b8e083dc0d1f19bf087e819
-
reg_key
d7d375792b8e083dc0d1f19bf087e819
-
splitter
|'|'|
Targets
-
-
Target
9625a01a03d5251f2b8b083cc2b8a4672aaf58e12cfd43697d0f14f786260258
-
Size
37KB
-
MD5
b14b1db088161ff6ade20058c947da24
-
SHA1
9f8f8df3567d55a68cf3475d359f69333f052eb1
-
SHA256
9625a01a03d5251f2b8b083cc2b8a4672aaf58e12cfd43697d0f14f786260258
-
SHA512
8096db851a0df5f04a796825f762cf833787c48c904db1dfab853114ef83d7b064789a5955622213b71270589784378e6a7399f5827a3f9deefbf54d1a4f952e
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-