General
-
Target
50813baaa46a17612b50b57d7bc219f4.exe
-
Size
37KB
-
Sample
220830-26ch3afbe2
-
MD5
50813baaa46a17612b50b57d7bc219f4
-
SHA1
af040ba9fe0e56af89e2b7a91033167d7620988c
-
SHA256
2d9398acf91dea0ad736f1af7e72f9a398374db0bba86157d5f8d55d7c4a1b0c
-
SHA512
0805a9fd246ff9e6e1c8ccab7662a02cdf43c790cb670a0dda243d69e9f141ea12b65f850b32e7640b2d05be158f174c5a6032571cbc8ea4d4e27577010465d5
-
SSDEEP
384:dYraoixJ9l7OHg1WykrFV3pk8emT20rAF+rMRTyN/0L+EcoinblneHQM3epzXrNK:qr+R1NkrFV6NmFrM+rMRa8NuNct
Malware Config
Extracted
njrat
im523
HacKed
2.tcp.eu.ngrok.io:11696
a2f7075757e57cca21dc8208b3cc0b68
-
reg_key
a2f7075757e57cca21dc8208b3cc0b68
-
splitter
|'|'|
Targets
-
-
Target
50813baaa46a17612b50b57d7bc219f4.exe
-
Size
37KB
-
MD5
50813baaa46a17612b50b57d7bc219f4
-
SHA1
af040ba9fe0e56af89e2b7a91033167d7620988c
-
SHA256
2d9398acf91dea0ad736f1af7e72f9a398374db0bba86157d5f8d55d7c4a1b0c
-
SHA512
0805a9fd246ff9e6e1c8ccab7662a02cdf43c790cb670a0dda243d69e9f141ea12b65f850b32e7640b2d05be158f174c5a6032571cbc8ea4d4e27577010465d5
-
SSDEEP
384:dYraoixJ9l7OHg1WykrFV3pk8emT20rAF+rMRTyN/0L+EcoinblneHQM3epzXrNK:qr+R1NkrFV6NmFrM+rMRa8NuNct
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-