General
-
Target
4f4e4dc353da88228d3abcc61795d3462c424c454aa11918415a841f66d425a2
-
Size
23KB
-
Sample
220720-r76s7agae6
-
MD5
bedbeaf7f2d431022125f8cbf2c47c3b
-
SHA1
ff947e2a1a55d4259e95f45d4e63fbaae66c8f99
-
SHA256
4f4e4dc353da88228d3abcc61795d3462c424c454aa11918415a841f66d425a2
-
SHA512
4f5969bed94de37ef2e04167e7c0ffd88378479a84b49f1190cfc81c0c18a0e367daa409b87ff1eeb5539d3874c05adb8f46a45c7f646ee37facd6bd0699c1cb
Malware Config
Extracted
njrat
0.7d
HacKed
mohamedahmed123.ddns.net:5552
144fcca1be32b3df79de09607609daf9
-
reg_key
144fcca1be32b3df79de09607609daf9
-
splitter
|'|'|
Targets
-
-
Target
4f4e4dc353da88228d3abcc61795d3462c424c454aa11918415a841f66d425a2
-
Size
23KB
-
MD5
bedbeaf7f2d431022125f8cbf2c47c3b
-
SHA1
ff947e2a1a55d4259e95f45d4e63fbaae66c8f99
-
SHA256
4f4e4dc353da88228d3abcc61795d3462c424c454aa11918415a841f66d425a2
-
SHA512
4f5969bed94de37ef2e04167e7c0ffd88378479a84b49f1190cfc81c0c18a0e367daa409b87ff1eeb5539d3874c05adb8f46a45c7f646ee37facd6bd0699c1cb
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-