General
-
Target
7a3ac6dd3d13ab788f389ec5452bac3065491564d1213c25c58fc7bcbddf2eed
-
Size
295KB
-
Sample
221001-3s93vadfhj
-
MD5
976c9a37426d13551b9fa9c729a776fa
-
SHA1
0ef8432c846758be24f61a9547bc1a3465853a9c
-
SHA256
7a3ac6dd3d13ab788f389ec5452bac3065491564d1213c25c58fc7bcbddf2eed
-
SHA512
45bfe3263b87e7394accc5fc936bcd93e02e6890375a104388b5f46a9ba8607285e5eabb5466d27275df95fe1549dc1d69d4fe3d3b4d6dc2809f242a28e5196b
-
SSDEEP
6144:XF2a1VrPUVqTYDj72GhNnkYqqfLdI64nqS/lB:V2EBPMoOn2iNNq44d
Malware Config
Extracted
njrat
0.7d
HacKed
youfb.ddns.net:5552
b33487bbde5a3e79118d90fbf5ed678a
-
reg_key
b33487bbde5a3e79118d90fbf5ed678a
-
splitter
|'|'|
Targets
-
-
Target
7a3ac6dd3d13ab788f389ec5452bac3065491564d1213c25c58fc7bcbddf2eed
-
Size
295KB
-
MD5
976c9a37426d13551b9fa9c729a776fa
-
SHA1
0ef8432c846758be24f61a9547bc1a3465853a9c
-
SHA256
7a3ac6dd3d13ab788f389ec5452bac3065491564d1213c25c58fc7bcbddf2eed
-
SHA512
45bfe3263b87e7394accc5fc936bcd93e02e6890375a104388b5f46a9ba8607285e5eabb5466d27275df95fe1549dc1d69d4fe3d3b4d6dc2809f242a28e5196b
-
SSDEEP
6144:XF2a1VrPUVqTYDj72GhNnkYqqfLdI64nqS/lB:V2EBPMoOn2iNNq44d
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-