General
-
Target
61d73267fc1c8be1fca9846fcff4ed7ffa4cb6271fa6a1060265f37eeeda188d
-
Size
23KB
-
Sample
220730-ynj9eaegej
-
MD5
20790f1a5c5557ef801926d7ce1e4498
-
SHA1
936eae636323d512932d84a45a930626a684b2a9
-
SHA256
61d73267fc1c8be1fca9846fcff4ed7ffa4cb6271fa6a1060265f37eeeda188d
-
SHA512
9d97b1a246aa6bfd0d86185c88d0095391361e902b9a18a5b63045832597283ca865a86dc70f841bb6e608aed6c29f845f594926005f297cb3d36863c027338b
Malware Config
Extracted
njrat
0.7d
HacKed
na33waaf.no-ip.biz:2485
efb8374654449498f987b4a0e64f2f90
-
reg_key
efb8374654449498f987b4a0e64f2f90
-
splitter
|'|'|
Targets
-
-
Target
61d73267fc1c8be1fca9846fcff4ed7ffa4cb6271fa6a1060265f37eeeda188d
-
Size
23KB
-
MD5
20790f1a5c5557ef801926d7ce1e4498
-
SHA1
936eae636323d512932d84a45a930626a684b2a9
-
SHA256
61d73267fc1c8be1fca9846fcff4ed7ffa4cb6271fa6a1060265f37eeeda188d
-
SHA512
9d97b1a246aa6bfd0d86185c88d0095391361e902b9a18a5b63045832597283ca865a86dc70f841bb6e608aed6c29f845f594926005f297cb3d36863c027338b
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-