General
-
Target
2fa512d6d453bcd88a12074a6b36292b.exe
-
Size
37KB
-
Sample
220917-k2qrfsheb7
-
MD5
2fa512d6d453bcd88a12074a6b36292b
-
SHA1
b4bda8c968d48798faf9e70456b67675e36e6172
-
SHA256
ad97b4126d6ca621c72b23ddc2cf876312e5bcd274b729635ea6ea75db9719a7
-
SHA512
764a067c00dfde1058935a8b8a912697c27470015751858e549860164f9ed742f3ccf26bde37245eb47277d8ae3b13800c52735daae657b9a2cd8dc73caf74c3
-
SSDEEP
384:14SBkiyHnDNGRn5IyUvmIfP3hS/iEAOxrAF+rMRTyN/0L+EcoinblneHQM3epzXL:6b5M5jUvbf4qEZxrM+rMRa8Nurvt
Malware Config
Extracted
njrat
im523
BOT
6.tcp.eu.ngrok.io:18528
369eb6bc638332380e2bdca1db3145bf
-
reg_key
369eb6bc638332380e2bdca1db3145bf
-
splitter
|'|'|
Targets
-
-
Target
2fa512d6d453bcd88a12074a6b36292b.exe
-
Size
37KB
-
MD5
2fa512d6d453bcd88a12074a6b36292b
-
SHA1
b4bda8c968d48798faf9e70456b67675e36e6172
-
SHA256
ad97b4126d6ca621c72b23ddc2cf876312e5bcd274b729635ea6ea75db9719a7
-
SHA512
764a067c00dfde1058935a8b8a912697c27470015751858e549860164f9ed742f3ccf26bde37245eb47277d8ae3b13800c52735daae657b9a2cd8dc73caf74c3
-
SSDEEP
384:14SBkiyHnDNGRn5IyUvmIfP3hS/iEAOxrAF+rMRTyN/0L+EcoinblneHQM3epzXL:6b5M5jUvbf4qEZxrM+rMRa8Nurvt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-