General
-
Target
0x000a000000012752-56.dat
-
Size
93KB
-
Sample
220830-rlg8psbfd3
-
MD5
6633e4a02ef0a596391274133458fe08
-
SHA1
194b28b1494dd31941e2404094034a55062fdc86
-
SHA256
af57cecf462d2f8321a842aca1566a9629d2315958a7a0252ca8c8e7e0e993d7
-
SHA512
449e6ae83ce6d82be9b9e90c3fd07ac358c4cb8f3d8fc273057de7caa59cf51bbdb55b03cf063c5651cf8d23354cd3d178830ad580301c2764bec7c0b21842ba
-
SSDEEP
1536:TlwC+xhUa9urgOBPRNvM4jEwzGi1dD3DMgS:TlmUa9urgObdGi1dfl
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOC50Y3AuZXUubmdyb2suaW8Strik:MTU4OTA=
0ec537396f8c89c665c6c857f7fa4b8a
-
reg_key
0ec537396f8c89c665c6c857f7fa4b8a
-
splitter
|'|'|
Targets
-
-
Target
0x000a000000012752-56.dat
-
Size
93KB
-
MD5
6633e4a02ef0a596391274133458fe08
-
SHA1
194b28b1494dd31941e2404094034a55062fdc86
-
SHA256
af57cecf462d2f8321a842aca1566a9629d2315958a7a0252ca8c8e7e0e993d7
-
SHA512
449e6ae83ce6d82be9b9e90c3fd07ac358c4cb8f3d8fc273057de7caa59cf51bbdb55b03cf063c5651cf8d23354cd3d178830ad580301c2764bec7c0b21842ba
-
SSDEEP
1536:TlwC+xhUa9urgOBPRNvM4jEwzGi1dD3DMgS:TlmUa9urgObdGi1dfl
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-