General
-
Target
6aed6fe05d534885dc8983af53044a1a1f0a972f4112499fe21c095877b67242
-
Size
194KB
-
Sample
221001-2k4enabfdp
-
MD5
68436a755999e7fb559ed5845d25dcf0
-
SHA1
3a3989a6c78578f4f2abf5b5ad8e22df5ddf1eb9
-
SHA256
6aed6fe05d534885dc8983af53044a1a1f0a972f4112499fe21c095877b67242
-
SHA512
843c1946273bbaa9e927aa28324396a432edc998073cf1526f96f29b35ca60ff1a23fd8784a75a2cc3149e1cad5e8e1ccc54d7486b2557fe7bf7db26d85a7a28
-
SSDEEP
3072:ZIsuSu37ds9ciftBwTxYJS4r97byrPR+rsJtot/dKAj5gKZaR2q:ZIsuZjiPwgS4QrPEsz0dX1ggI
Malware Config
Extracted
njrat
0.7d
HacKed
starmimo7.ddns.net:6667
ba7d1a7e166b36f0f2566066276e20ce
-
reg_key
ba7d1a7e166b36f0f2566066276e20ce
-
splitter
|'|'|
Targets
-
-
Target
6aed6fe05d534885dc8983af53044a1a1f0a972f4112499fe21c095877b67242
-
Size
194KB
-
MD5
68436a755999e7fb559ed5845d25dcf0
-
SHA1
3a3989a6c78578f4f2abf5b5ad8e22df5ddf1eb9
-
SHA256
6aed6fe05d534885dc8983af53044a1a1f0a972f4112499fe21c095877b67242
-
SHA512
843c1946273bbaa9e927aa28324396a432edc998073cf1526f96f29b35ca60ff1a23fd8784a75a2cc3149e1cad5e8e1ccc54d7486b2557fe7bf7db26d85a7a28
-
SSDEEP
3072:ZIsuSu37ds9ciftBwTxYJS4r97byrPR+rsJtot/dKAj5gKZaR2q:ZIsuZjiPwgS4QrPEsz0dX1ggI
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-