General
-
Target
47c6ed7fb2afbadd95212c4dcbb7bd8815c47b218e45c78e8b8589ca93df797d
-
Size
2.5MB
-
Sample
220701-e9lvksebd2
-
MD5
27d06d38b1f8e37b47d23c9efd8e25c9
-
SHA1
b8bdf3ab19c109deb5509f45132686b671fb9552
-
SHA256
47c6ed7fb2afbadd95212c4dcbb7bd8815c47b218e45c78e8b8589ca93df797d
-
SHA512
c8afe02e5ce73b371b09d663189248c1c13395f0b3b1bd92c826223193f304ca1a8d1047bd87e289805ac20c10c9443b04688e8d8699bbf503c5d7f5935a8c85
Malware Config
Extracted
njrat
0.7d
SteamCompany12bit
192.168.1.183:4444
760207cdf3aa547d353591aefcf32cc3
-
reg_key
760207cdf3aa547d353591aefcf32cc3
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
47c6ed7fb2afbadd95212c4dcbb7bd8815c47b218e45c78e8b8589ca93df797d
-
Size
2.5MB
-
MD5
27d06d38b1f8e37b47d23c9efd8e25c9
-
SHA1
b8bdf3ab19c109deb5509f45132686b671fb9552
-
SHA256
47c6ed7fb2afbadd95212c4dcbb7bd8815c47b218e45c78e8b8589ca93df797d
-
SHA512
c8afe02e5ce73b371b09d663189248c1c13395f0b3b1bd92c826223193f304ca1a8d1047bd87e289805ac20c10c9443b04688e8d8699bbf503c5d7f5935a8c85
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-