General
-
Target
055af2e263fa47903d9aed77a75d9be1ad72d64e64ed2d38dbed90308f89439b
-
Size
37KB
-
Sample
220724-yh6v8aebe2
-
MD5
33c27dbcb1fc1d6625f209955574a8d4
-
SHA1
f6a1c1755f3824bfa0de06defef5d91b6461fee4
-
SHA256
055af2e263fa47903d9aed77a75d9be1ad72d64e64ed2d38dbed90308f89439b
-
SHA512
604b755ef8a7af01d7c4253f058cfa0c22c54d1379e0c6154a2d8c9dfdddf3cbafaf3a21c5b7b4bc8340ccb2afb1aa36256dd3eee469ef85ec606e21e0b0c31a
Malware Config
Extracted
njrat
im523
HacKed
127.0.0.1:5552
9e299331022ad63dab6d716ad8fcf10a
-
reg_key
9e299331022ad63dab6d716ad8fcf10a
-
splitter
|'|'|
Targets
-
-
Target
055af2e263fa47903d9aed77a75d9be1ad72d64e64ed2d38dbed90308f89439b
-
Size
37KB
-
MD5
33c27dbcb1fc1d6625f209955574a8d4
-
SHA1
f6a1c1755f3824bfa0de06defef5d91b6461fee4
-
SHA256
055af2e263fa47903d9aed77a75d9be1ad72d64e64ed2d38dbed90308f89439b
-
SHA512
604b755ef8a7af01d7c4253f058cfa0c22c54d1379e0c6154a2d8c9dfdddf3cbafaf3a21c5b7b4bc8340ccb2afb1aa36256dd3eee469ef85ec606e21e0b0c31a
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-