General
-
Target
083cf2b8153b97fe12cff304215ec8ac.exe
-
Size
37KB
-
Sample
220927-anxmqsddak
-
MD5
083cf2b8153b97fe12cff304215ec8ac
-
SHA1
5dc5d20ef9b4b13debbf0db1a4930f14990afa4a
-
SHA256
eb0c3c93ac49a1c20a42fa82c5f1f81c1df01d05a0670342ea974b7d79308856
-
SHA512
7bf10e9be2ada50a96cf5d2bd5d907f4521b177913e8759d96c16443c31e69cc752d9fb5e1b265048c311ef9a9e8b810b89ff92710a6a5af4710a40607cfa450
-
SSDEEP
384:mu+vEiTbZvpWNcZ0y8f1CRDX5CLk6SgprAF+rMRTyN/0L+EcoinblneHQM3epzXI:T+dTZ38f1CRDcNSIrM+rMRa8Nu1Et
Malware Config
Extracted
njrat
im523
HacKed
lynnnaz.ddns.net:1703
258c2f365319c9fd509866032c7dc587
-
reg_key
258c2f365319c9fd509866032c7dc587
-
splitter
|'|'|
Targets
-
-
Target
083cf2b8153b97fe12cff304215ec8ac.exe
-
Size
37KB
-
MD5
083cf2b8153b97fe12cff304215ec8ac
-
SHA1
5dc5d20ef9b4b13debbf0db1a4930f14990afa4a
-
SHA256
eb0c3c93ac49a1c20a42fa82c5f1f81c1df01d05a0670342ea974b7d79308856
-
SHA512
7bf10e9be2ada50a96cf5d2bd5d907f4521b177913e8759d96c16443c31e69cc752d9fb5e1b265048c311ef9a9e8b810b89ff92710a6a5af4710a40607cfa450
-
SSDEEP
384:mu+vEiTbZvpWNcZ0y8f1CRDX5CLk6SgprAF+rMRTyN/0L+EcoinblneHQM3epzXI:T+dTZ38f1CRDcNSIrM+rMRa8Nu1Et
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-