General
-
Target
22de0c7cb2ce9b7f3e5fc6944bda2454c13d1e57476b0b7cfc835d3b4edf6cb7
-
Size
23KB
-
Sample
221001-y5ys5aebb8
-
MD5
41f484184aeefc393ba62b04f3fbe940
-
SHA1
91f26bbe1141432de96deba534c08a542ac4386e
-
SHA256
22de0c7cb2ce9b7f3e5fc6944bda2454c13d1e57476b0b7cfc835d3b4edf6cb7
-
SHA512
0b6e8d7681090e24138b3ee8ad3f44712a497f9d9c6e6f6aa0e9f26a82c47b5ee2de5404dcc19b0abbbe4717a6ca4ff04110dfdd44c1a7dd84b35f0a5bfaaaf8
-
SSDEEP
384:aweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZq+6:FLq411eRpcnud
Malware Config
Extracted
njrat
0.7d
HacKed
mohammed29928.ddns.net:5552
29867abf0d27f9d1f7944939dd33f982
-
reg_key
29867abf0d27f9d1f7944939dd33f982
-
splitter
|'|'|
Targets
-
-
Target
22de0c7cb2ce9b7f3e5fc6944bda2454c13d1e57476b0b7cfc835d3b4edf6cb7
-
Size
23KB
-
MD5
41f484184aeefc393ba62b04f3fbe940
-
SHA1
91f26bbe1141432de96deba534c08a542ac4386e
-
SHA256
22de0c7cb2ce9b7f3e5fc6944bda2454c13d1e57476b0b7cfc835d3b4edf6cb7
-
SHA512
0b6e8d7681090e24138b3ee8ad3f44712a497f9d9c6e6f6aa0e9f26a82c47b5ee2de5404dcc19b0abbbe4717a6ca4ff04110dfdd44c1a7dd84b35f0a5bfaaaf8
-
SSDEEP
384:aweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZq+6:FLq411eRpcnud
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-