General
-
Target
2ceffe5d0a3e81b724c80484791364a1bd676a72ae1bbc4edebaed04dccdbb60
-
Size
41KB
-
Sample
221001-2wsgjacbcj
-
MD5
6174b0640d9954f49f4e1752575073d0
-
SHA1
9d906ca323f0ceed91c348ee1e815faaa15f3d81
-
SHA256
2ceffe5d0a3e81b724c80484791364a1bd676a72ae1bbc4edebaed04dccdbb60
-
SHA512
8d6821e6453ea2c9fc028b637782e385b78c0b3af99c37aa2f13c6eb6a1bffc160d75ff5b3f6dd7a4a308f045af46e07ce749301dc6efcf9ddb7df01f99158b7
-
SSDEEP
768:jXxdX64kYewwUtH1IVOYgLdBLXTijktmbGBHEqNCzhoLN8ax:/4YCeIVOYg7Kg0iBHEq4iyU
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
279f6960ed84a752570aca7fb2dc1552
-
reg_key
279f6960ed84a752570aca7fb2dc1552
-
splitter
|'|'|
Targets
-
-
Target
2ceffe5d0a3e81b724c80484791364a1bd676a72ae1bbc4edebaed04dccdbb60
-
Size
41KB
-
MD5
6174b0640d9954f49f4e1752575073d0
-
SHA1
9d906ca323f0ceed91c348ee1e815faaa15f3d81
-
SHA256
2ceffe5d0a3e81b724c80484791364a1bd676a72ae1bbc4edebaed04dccdbb60
-
SHA512
8d6821e6453ea2c9fc028b637782e385b78c0b3af99c37aa2f13c6eb6a1bffc160d75ff5b3f6dd7a4a308f045af46e07ce749301dc6efcf9ddb7df01f99158b7
-
SSDEEP
768:jXxdX64kYewwUtH1IVOYgLdBLXTijktmbGBHEqNCzhoLN8ax:/4YCeIVOYg7Kg0iBHEq4iyU
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-