General
-
Target
0x000a000000012322-61.dat
-
Size
23KB
-
Sample
220825-2yznmadag3
-
MD5
6c1b4cac2813540e07e0a9665eed145a
-
SHA1
6b6a609afa15bc53ba55883139cff88db5e5fcc8
-
SHA256
5a68f9ddf03ff74628e5886c0722c09d288b251987cbbabe8dd192cdfe71e126
-
SHA512
d0ca2001b54cb57769be5334036eaa7e05d584afaa11b56dc1003b60fec0d31e88db3a1e894ed7f8791fa1f95b3f9061f779b7790bdadc570abfbaf766530846
-
SSDEEP
384:mY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ5rv:pL2s+tRyRpcnuQj
Malware Config
Extracted
njrat
0.7d
HacKed
8.tcp.ngrok.io:16697
48f98c994dec482c661547c02a2922ac
-
reg_key
48f98c994dec482c661547c02a2922ac
-
splitter
|'|'|
Targets
-
-
Target
0x000a000000012322-61.dat
-
Size
23KB
-
MD5
6c1b4cac2813540e07e0a9665eed145a
-
SHA1
6b6a609afa15bc53ba55883139cff88db5e5fcc8
-
SHA256
5a68f9ddf03ff74628e5886c0722c09d288b251987cbbabe8dd192cdfe71e126
-
SHA512
d0ca2001b54cb57769be5334036eaa7e05d584afaa11b56dc1003b60fec0d31e88db3a1e894ed7f8791fa1f95b3f9061f779b7790bdadc570abfbaf766530846
-
SSDEEP
384:mY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ5rv:pL2s+tRyRpcnuQj
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-