General
-
Target
f0e96a5e05511ef011d33261b364f046118f91e1d9053c397d1e6ac10c8c79aa
-
Size
40KB
-
Sample
221001-1xx8qshcd3
-
MD5
6a7b34aabcd7482e0c6acb99fd249d20
-
SHA1
25a6b8074e1323cff36d522c62d1121e7ebfc749
-
SHA256
f0e96a5e05511ef011d33261b364f046118f91e1d9053c397d1e6ac10c8c79aa
-
SHA512
482c4a801e35c236161cae4b5b2042e9f58cd5a7e2f61a9e21e030a73bb1ca3f4584869924f2da210b1b050b8d18876b0914c9f403ee86ad36b86be46f7ec4ae
-
SSDEEP
384:xoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZSNl5:m7O89p2rRpcnuBl5
Malware Config
Extracted
njrat
0.7d
HacKed
momodz.no-ip.biz:1177
de24e18567ad7e555a79ab8b2c977563
-
reg_key
de24e18567ad7e555a79ab8b2c977563
-
splitter
|'|'|
Targets
-
-
Target
f0e96a5e05511ef011d33261b364f046118f91e1d9053c397d1e6ac10c8c79aa
-
Size
40KB
-
MD5
6a7b34aabcd7482e0c6acb99fd249d20
-
SHA1
25a6b8074e1323cff36d522c62d1121e7ebfc749
-
SHA256
f0e96a5e05511ef011d33261b364f046118f91e1d9053c397d1e6ac10c8c79aa
-
SHA512
482c4a801e35c236161cae4b5b2042e9f58cd5a7e2f61a9e21e030a73bb1ca3f4584869924f2da210b1b050b8d18876b0914c9f403ee86ad36b86be46f7ec4ae
-
SSDEEP
384:xoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZSNl5:m7O89p2rRpcnuBl5
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-