General
-
Target
VXUHEUR-Backdoor.MSIL.Bladabindi.gen-dd000659.exe
-
Size
768KB
-
Sample
220825-2w7w8acahr
-
MD5
dcab21b962f1f897b4a68bc1e8b99201
-
SHA1
1af549c8207e7f960c64313d049835e3a96746d7
-
SHA256
dd000659c4a654b5a3a63c24c5c4d38f32b466db7e98e14332d4cb1b43b49a55
-
SHA512
72bc5299a9ca2d19f2e123d113b6f26b95e8c19da323d8d55de2f8241d76788623441b1153f48f920ed54d8b92cbb0378c56999ee820c8602b391ad93bcbb5dc
-
SSDEEP
24576:68pHAL+Qu231TELO4TtpPmDMoznIZVwWMDy:7He+QAt1iID
Malware Config
Extracted
njrat
0.7d
HacKed
8.tcp.ngrok.io:16697
48f98c994dec482c661547c02a2922ac
-
reg_key
48f98c994dec482c661547c02a2922ac
-
splitter
|'|'|
Targets
-
-
Target
VXUHEUR-Backdoor.MSIL.Bladabindi.gen-dd000659.exe
-
Size
768KB
-
MD5
dcab21b962f1f897b4a68bc1e8b99201
-
SHA1
1af549c8207e7f960c64313d049835e3a96746d7
-
SHA256
dd000659c4a654b5a3a63c24c5c4d38f32b466db7e98e14332d4cb1b43b49a55
-
SHA512
72bc5299a9ca2d19f2e123d113b6f26b95e8c19da323d8d55de2f8241d76788623441b1153f48f920ed54d8b92cbb0378c56999ee820c8602b391ad93bcbb5dc
-
SSDEEP
24576:68pHAL+Qu231TELO4TtpPmDMoznIZVwWMDy:7He+QAt1iID
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-