General
-
Target
afffe069ebc127a742b56af54543f1ae6e8a13955b0b1812a479a15c59e57946
-
Size
127KB
-
Sample
221001-19jk4sbbdk
-
MD5
6b64d2bb3af6922a68eac1b798977f30
-
SHA1
ab2498ae6276609b06c2d583eee84d00537c8624
-
SHA256
afffe069ebc127a742b56af54543f1ae6e8a13955b0b1812a479a15c59e57946
-
SHA512
76d1d7893e534d39a9115ec6109f25b6eb473fb4ef988c792f957a88d1d8c0b4cd436fab98e20f41bf89bcc2c6d7a567d77f9f7b4c6b007a68d4527f1dafa291
-
SSDEEP
3072:A3XcpefmS+vOxqsNOGTtNg4wIlckXB70K1jyeBaxmlnpt:AcmIvRsNRuJEckXx0KljBM2
Malware Config
Extracted
njrat
0.7d
HacKed
gulfup.no-ip.biz:1177
c13414c5aa99e07b7566246e70d7f2bb
-
reg_key
c13414c5aa99e07b7566246e70d7f2bb
-
splitter
|'|'|
Targets
-
-
Target
afffe069ebc127a742b56af54543f1ae6e8a13955b0b1812a479a15c59e57946
-
Size
127KB
-
MD5
6b64d2bb3af6922a68eac1b798977f30
-
SHA1
ab2498ae6276609b06c2d583eee84d00537c8624
-
SHA256
afffe069ebc127a742b56af54543f1ae6e8a13955b0b1812a479a15c59e57946
-
SHA512
76d1d7893e534d39a9115ec6109f25b6eb473fb4ef988c792f957a88d1d8c0b4cd436fab98e20f41bf89bcc2c6d7a567d77f9f7b4c6b007a68d4527f1dafa291
-
SSDEEP
3072:A3XcpefmS+vOxqsNOGTtNg4wIlckXB70K1jyeBaxmlnpt:AcmIvRsNRuJEckXx0KljBM2
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-