General
-
Target
2944260deaa025272074f9a2ac84ffd7.exe
-
Size
347KB
-
Sample
220830-rhtgkaaaak
-
MD5
2944260deaa025272074f9a2ac84ffd7
-
SHA1
18aa80fcd4efade56a68ce67a38f8e148d38e863
-
SHA256
76de9acdc679b628b2982e417d9b9d3329841439f9ccfb70e4e11e162ec1eb68
-
SHA512
84e15d0cef4d0a34fecb7238aa3e02c2ecd19e0e5beb1474d6c8cb74b40eaae3e097455b2e2a71a6ae02113192a67f52149231313a9e992a9c13c4da22366653
-
SSDEEP
6144:SiDdgU7fEMhpd2cBcr39lIKdK8RKzd+jAYLToFYAah+eCH5+Hn0Su34KB:1fEWpdPKrNlIKdK8RKwOXo+J4H0SQ
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOC50Y3AuZXUubmdyb2suaW8Strik:MTU4OTA=
0ec537396f8c89c665c6c857f7fa4b8a
-
reg_key
0ec537396f8c89c665c6c857f7fa4b8a
-
splitter
|'|'|
Targets
-
-
Target
2944260deaa025272074f9a2ac84ffd7.exe
-
Size
347KB
-
MD5
2944260deaa025272074f9a2ac84ffd7
-
SHA1
18aa80fcd4efade56a68ce67a38f8e148d38e863
-
SHA256
76de9acdc679b628b2982e417d9b9d3329841439f9ccfb70e4e11e162ec1eb68
-
SHA512
84e15d0cef4d0a34fecb7238aa3e02c2ecd19e0e5beb1474d6c8cb74b40eaae3e097455b2e2a71a6ae02113192a67f52149231313a9e992a9c13c4da22366653
-
SSDEEP
6144:SiDdgU7fEMhpd2cBcr39lIKdK8RKzd+jAYLToFYAah+eCH5+Hn0Su34KB:1fEWpdPKrNlIKdK8RKwOXo+J4H0SQ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-