General
-
Target
ae4a2e2db65cd1fbcf3bc34fe2cd89f9.exe
-
Size
318KB
-
Sample
220818-y19ptsbcel
-
MD5
ae4a2e2db65cd1fbcf3bc34fe2cd89f9
-
SHA1
5025965af3e3a5bf79629b90c9f8ba62546ee87f
-
SHA256
b27e8f81c049d04a3fd97ff6863b987f16291d871f6ba92ca06f9f019956b8aa
-
SHA512
34932c17ddb36cb5df7126f0104e796a951a1f9a10778b9989e2cea3b12bc90825fcdadb6860163ac275fd4dbc4f2dde2de724155be593ccd64dadc0f1d2cc55
-
SSDEEP
6144:VkHaly3cDm57d2L2SuyW9J4CTTBJml1BTArhxeUR:jlK941BcrhUUR
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
d2affd0990860fff6a059dbd50f93a64
-
reg_key
d2affd0990860fff6a059dbd50f93a64
-
splitter
|'|'|
Targets
-
-
Target
ae4a2e2db65cd1fbcf3bc34fe2cd89f9.exe
-
Size
318KB
-
MD5
ae4a2e2db65cd1fbcf3bc34fe2cd89f9
-
SHA1
5025965af3e3a5bf79629b90c9f8ba62546ee87f
-
SHA256
b27e8f81c049d04a3fd97ff6863b987f16291d871f6ba92ca06f9f019956b8aa
-
SHA512
34932c17ddb36cb5df7126f0104e796a951a1f9a10778b9989e2cea3b12bc90825fcdadb6860163ac275fd4dbc4f2dde2de724155be593ccd64dadc0f1d2cc55
-
SSDEEP
6144:VkHaly3cDm57d2L2SuyW9J4CTTBJml1BTArhxeUR:jlK941BcrhUUR
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-