General
-
Target
3e0baae7fd422648feef63903e375e29e48aaa1146d249f8571a96563ad3a1d4
-
Size
156KB
-
Sample
220701-qwm19sedhq
-
MD5
4123e4ef9f5d9399d06c2186ff3e6300
-
SHA1
7529717bcf12234b31d252f9974dc20072c07189
-
SHA256
3e0baae7fd422648feef63903e375e29e48aaa1146d249f8571a96563ad3a1d4
-
SHA512
cec74f13263f278ff839b596d10abddbdc77bf5778237b90fd9f1830f3861ff38abfa7c51cf73abe99d8be441295683e93cbe1d305d8d5b113b0ebbaf5645e3c
Malware Config
Extracted
njrat
0.7d
FIKRAAA victimes
service-http.servehttp.com:5500
9563c75cec9a4d84b96ac625f5a53797
-
reg_key
9563c75cec9a4d84b96ac625f5a53797
-
splitter
|'|'|
Targets
-
-
Target
3e0baae7fd422648feef63903e375e29e48aaa1146d249f8571a96563ad3a1d4
-
Size
156KB
-
MD5
4123e4ef9f5d9399d06c2186ff3e6300
-
SHA1
7529717bcf12234b31d252f9974dc20072c07189
-
SHA256
3e0baae7fd422648feef63903e375e29e48aaa1146d249f8571a96563ad3a1d4
-
SHA512
cec74f13263f278ff839b596d10abddbdc77bf5778237b90fd9f1830f3861ff38abfa7c51cf73abe99d8be441295683e93cbe1d305d8d5b113b0ebbaf5645e3c
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-