General
-
Target
aef2a2e45deff880a7b64d6f79e0b9441916afaa230440d07ca28e5560ff0ea0
-
Size
137KB
-
Sample
221001-ylmlraechq
-
MD5
7290d6c5b840d629b677940ba7864850
-
SHA1
46d8fdaf6386cd259ae9dc6fd273bfbc215f9b3b
-
SHA256
aef2a2e45deff880a7b64d6f79e0b9441916afaa230440d07ca28e5560ff0ea0
-
SHA512
94a7b9b36ccb1813708037a07cec10324d69cda9c7dc3f4db205489bf03af99868d933486093a07fdd0b4cba2a2050dd8a6ae00b4627c47f9f591c70ecfefea2
-
SSDEEP
3072:Cnj9jtfU+INndIc0JQ5iKVk25T6nd8a9bK6PvA95hESK0A:CjbeimJTAd8d6n05hT0
Malware Config
Extracted
njrat
0.7d
HacKed
trung0979774557.homeip.net:5552
192936889c1ad904a258ba1ec13299b3
-
reg_key
192936889c1ad904a258ba1ec13299b3
-
splitter
|'|'|
Targets
-
-
Target
aef2a2e45deff880a7b64d6f79e0b9441916afaa230440d07ca28e5560ff0ea0
-
Size
137KB
-
MD5
7290d6c5b840d629b677940ba7864850
-
SHA1
46d8fdaf6386cd259ae9dc6fd273bfbc215f9b3b
-
SHA256
aef2a2e45deff880a7b64d6f79e0b9441916afaa230440d07ca28e5560ff0ea0
-
SHA512
94a7b9b36ccb1813708037a07cec10324d69cda9c7dc3f4db205489bf03af99868d933486093a07fdd0b4cba2a2050dd8a6ae00b4627c47f9f591c70ecfefea2
-
SSDEEP
3072:Cnj9jtfU+INndIc0JQ5iKVk25T6nd8a9bK6PvA95hESK0A:CjbeimJTAd8d6n05hT0
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-