General
-
Target
57f91e1f571cab4315e253c888fab5c97682e7190dbc95a8aefe09aa4041e816
-
Size
759KB
-
Sample
220903-ca6plaffbm
-
MD5
91521457b38bde22e7c4d774f032c86d
-
SHA1
5fe081f552f7dc0ee67110b41c59b6bfa0531fcd
-
SHA256
57f91e1f571cab4315e253c888fab5c97682e7190dbc95a8aefe09aa4041e816
-
SHA512
8b671889d61ac54896b132c7e88eee9e12e445c7837a0c011eecb6371144e1b9c5193eed7379154b8d64cbe45e7ae4e6b228b0f4c0dfa13276fa67d22496fdc7
-
SSDEEP
12288:HL1MeUoH3msuTmlOIq76xb35zdtKTKKpKKM2xHTc:/5gEMWx352xH
Malware Config
Extracted
njrat
im523
HacKed
4.tcp.eu.ngrok.io:7777
a9613b7d22a0577c995b106d1cbb5571
-
reg_key
a9613b7d22a0577c995b106d1cbb5571
-
splitter
|'|'|
Targets
-
-
Target
57f91e1f571cab4315e253c888fab5c97682e7190dbc95a8aefe09aa4041e816
-
Size
759KB
-
MD5
91521457b38bde22e7c4d774f032c86d
-
SHA1
5fe081f552f7dc0ee67110b41c59b6bfa0531fcd
-
SHA256
57f91e1f571cab4315e253c888fab5c97682e7190dbc95a8aefe09aa4041e816
-
SHA512
8b671889d61ac54896b132c7e88eee9e12e445c7837a0c011eecb6371144e1b9c5193eed7379154b8d64cbe45e7ae4e6b228b0f4c0dfa13276fa67d22496fdc7
-
SSDEEP
12288:HL1MeUoH3msuTmlOIq76xb35zdtKTKKpKKM2xHTc:/5gEMWx352xH
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-