General
-
Target
793d4047f9cb06853188abd91e4e889ab897b989abba1e9a040b0a767eb90802
-
Size
23KB
-
Sample
220701-gc8zysgah2
-
MD5
11f42d8a2e06a965a4ffc575dfda012f
-
SHA1
8e372df6a2d2171403349c72d5b4eac100baac06
-
SHA256
793d4047f9cb06853188abd91e4e889ab897b989abba1e9a040b0a767eb90802
-
SHA512
3b9001f44cb2f840f3d22888010a66a0ff2737a36b4574f5af6ab58466bca9ac63ef2820ed0d4ba18de5d7ef204b3ca2e6365f5803f758d1de2cec38f863cb5a
Malware Config
Extracted
njrat
0.7d
Roblox
sallystark.ddns.net:1177
4f4dac90c60c5d2b42eb7531f6b1885e
-
reg_key
4f4dac90c60c5d2b42eb7531f6b1885e
-
splitter
|'|'|
Targets
-
-
Target
793d4047f9cb06853188abd91e4e889ab897b989abba1e9a040b0a767eb90802
-
Size
23KB
-
MD5
11f42d8a2e06a965a4ffc575dfda012f
-
SHA1
8e372df6a2d2171403349c72d5b4eac100baac06
-
SHA256
793d4047f9cb06853188abd91e4e889ab897b989abba1e9a040b0a767eb90802
-
SHA512
3b9001f44cb2f840f3d22888010a66a0ff2737a36b4574f5af6ab58466bca9ac63ef2820ed0d4ba18de5d7ef204b3ca2e6365f5803f758d1de2cec38f863cb5a
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-