General
-
Target
ee72a51968c88152c144786716cae7acca6b9fac0b20fbaf8c680ce432b6efea
-
Size
75KB
-
Sample
221001-1ycneshce9
-
MD5
51e44f83dadd7c650626bc3fc0b023a0
-
SHA1
980f7e510752177589f73820ebe8a44dceff9210
-
SHA256
ee72a51968c88152c144786716cae7acca6b9fac0b20fbaf8c680ce432b6efea
-
SHA512
d908f4a841b11b4b2366bf0c7293c6a6439cda8e531f37e5243ded0070f7000eb12ccaab6974d863992acddb22c50b336b8892dc2199c4940e3db4f6c43838f0
-
SSDEEP
1536:PNQQMr5TScbEjtsAJ2kSCCRbIL5A8skarPToftGD4W:P7o2cbkyAJ2kObINvabx4W
Malware Config
Extracted
njrat
0.6.4
HacKed
savioanon.no-ip.biz:1971
693c40e8f5f059f9726e9dc4e4bdd32f
-
reg_key
693c40e8f5f059f9726e9dc4e4bdd32f
-
splitter
|'|'|
Targets
-
-
Target
ee72a51968c88152c144786716cae7acca6b9fac0b20fbaf8c680ce432b6efea
-
Size
75KB
-
MD5
51e44f83dadd7c650626bc3fc0b023a0
-
SHA1
980f7e510752177589f73820ebe8a44dceff9210
-
SHA256
ee72a51968c88152c144786716cae7acca6b9fac0b20fbaf8c680ce432b6efea
-
SHA512
d908f4a841b11b4b2366bf0c7293c6a6439cda8e531f37e5243ded0070f7000eb12ccaab6974d863992acddb22c50b336b8892dc2199c4940e3db4f6c43838f0
-
SSDEEP
1536:PNQQMr5TScbEjtsAJ2kSCCRbIL5A8skarPToftGD4W:P7o2cbkyAJ2kObINvabx4W
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-