General
-
Target
ad27f82898cc7f747782543f55590d4b689e473b54158db4b27a4eb69b54e66b
-
Size
28KB
-
Sample
221002-2n1g6sdhc2
-
MD5
6f7b60a58bf66f8ec4f0bd9855a64900
-
SHA1
a28b06783289a0d142f32d0104e69bb3cc61ec34
-
SHA256
ad27f82898cc7f747782543f55590d4b689e473b54158db4b27a4eb69b54e66b
-
SHA512
0aed5abb9244a42dd905972078f6c8707a3c242e2800ca0a025033d34c5e933f5f207496c4a597e9972df33a807cff093a1d03c091f8fbae364ad7604cd62222
-
SSDEEP
768:SK7ZW4Oakw1BnX7oqsKuelBKh0p29SgR3R:SK78oEJKLKhG29j3R
Malware Config
Extracted
njrat
0.6.4
HacKed
kurd-expert.ddns.net:1177
9d40b6eb9ca0a7f1a306069df9bc9136
-
reg_key
9d40b6eb9ca0a7f1a306069df9bc9136
-
splitter
|'|'|
Targets
-
-
Target
ad27f82898cc7f747782543f55590d4b689e473b54158db4b27a4eb69b54e66b
-
Size
28KB
-
MD5
6f7b60a58bf66f8ec4f0bd9855a64900
-
SHA1
a28b06783289a0d142f32d0104e69bb3cc61ec34
-
SHA256
ad27f82898cc7f747782543f55590d4b689e473b54158db4b27a4eb69b54e66b
-
SHA512
0aed5abb9244a42dd905972078f6c8707a3c242e2800ca0a025033d34c5e933f5f207496c4a597e9972df33a807cff093a1d03c091f8fbae364ad7604cd62222
-
SSDEEP
768:SK7ZW4Oakw1BnX7oqsKuelBKh0p29SgR3R:SK78oEJKLKhG29j3R
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-