General
-
Target
42e716d8cc902400baf2e972fdd9623b316e983179aac2f93b23e9458afa1894
-
Size
286KB
-
Sample
220707-yp4z7shhhm
-
MD5
ebc8419277735f7c0b73efde624af797
-
SHA1
54baa495f49b1c637038c3b2092c95f7c05b365d
-
SHA256
42e716d8cc902400baf2e972fdd9623b316e983179aac2f93b23e9458afa1894
-
SHA512
b0a8807b1bc2f00d6892a9af08f41dc6d74a8dc20e1ddda3f0073e38a6d6342402cc057e83dcf62d4685e37f9efe1d5fe94667d82599048b95c59536289ed603
Malware Config
Extracted
njrat
0.7d
HacKed
elbouma.hopto.org:1177
488a2fbf3e0035bfa6bcca1a5413730c
-
reg_key
488a2fbf3e0035bfa6bcca1a5413730c
-
splitter
|'|'|
Targets
-
-
Target
42e716d8cc902400baf2e972fdd9623b316e983179aac2f93b23e9458afa1894
-
Size
286KB
-
MD5
ebc8419277735f7c0b73efde624af797
-
SHA1
54baa495f49b1c637038c3b2092c95f7c05b365d
-
SHA256
42e716d8cc902400baf2e972fdd9623b316e983179aac2f93b23e9458afa1894
-
SHA512
b0a8807b1bc2f00d6892a9af08f41dc6d74a8dc20e1ddda3f0073e38a6d6342402cc057e83dcf62d4685e37f9efe1d5fe94667d82599048b95c59536289ed603
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-