General
-
Target
b989b4de1782197d56883c42bf6827ddba68644a7a9d782964ea869ddd51118d
-
Size
106KB
-
Sample
220731-hsshkseefj
-
MD5
aaf561a237e49f5eda6de8ea0896db90
-
SHA1
80c59f9e44254bc210c7c3b10028265fa857237b
-
SHA256
b989b4de1782197d56883c42bf6827ddba68644a7a9d782964ea869ddd51118d
-
SHA512
f25cc11efbd4075e7794577bf56e355dff456223eef0f3d63e299d108b8423fc6137d403204f15089b3130f550dc063333e105aed8cb7479d9c8f03a0dfc0fe7
Malware Config
Extracted
njrat
0.7d
HacKed
bG9senRlYW0xLmhvcHRvLm9yZwStrikStrik:NTU1Mg==
6c54813d91630553f111a8f411f5377f
-
reg_key
6c54813d91630553f111a8f411f5377f
-
splitter
|'|'|
Targets
-
-
Target
b989b4de1782197d56883c42bf6827ddba68644a7a9d782964ea869ddd51118d
-
Size
106KB
-
MD5
aaf561a237e49f5eda6de8ea0896db90
-
SHA1
80c59f9e44254bc210c7c3b10028265fa857237b
-
SHA256
b989b4de1782197d56883c42bf6827ddba68644a7a9d782964ea869ddd51118d
-
SHA512
f25cc11efbd4075e7794577bf56e355dff456223eef0f3d63e299d108b8423fc6137d403204f15089b3130f550dc063333e105aed8cb7479d9c8f03a0dfc0fe7
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-