General
-
Target
a13cb95291ecf3c47270c724172f58c5.exe
-
Size
23KB
-
Sample
220824-b34v2aedgq
-
MD5
a13cb95291ecf3c47270c724172f58c5
-
SHA1
0e639a2acd67fb67608d00dd6864180b9091e095
-
SHA256
d7f6b6f9c386f930fff005f81e8031920c98c4f259621eb54b0acd1c5f7530bf
-
SHA512
9b949f43dfbcee99d585e625d99c1eb2fdd2539e20dad0b7c4f7a0e51b95035986c7bf340e4a25d28d25a1630f4d2a43d3ae99450e38146ad01b958525d2df3e
-
SSDEEP
384:Gc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZ0P:JIU0tw3RpcnuR
Malware Config
Extracted
njrat
0.7d
HacKed
davizshadow.duckdns.org:10006
75935408179c5a4b501e9bc542d7c1be
-
reg_key
75935408179c5a4b501e9bc542d7c1be
-
splitter
|'|'|
Targets
-
-
Target
a13cb95291ecf3c47270c724172f58c5.exe
-
Size
23KB
-
MD5
a13cb95291ecf3c47270c724172f58c5
-
SHA1
0e639a2acd67fb67608d00dd6864180b9091e095
-
SHA256
d7f6b6f9c386f930fff005f81e8031920c98c4f259621eb54b0acd1c5f7530bf
-
SHA512
9b949f43dfbcee99d585e625d99c1eb2fdd2539e20dad0b7c4f7a0e51b95035986c7bf340e4a25d28d25a1630f4d2a43d3ae99450e38146ad01b958525d2df3e
-
SSDEEP
384:Gc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZ0P:JIU0tw3RpcnuR
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-