General
-
Target
60011536b37b5e78b0f1a5af409690c79723e78ae4316b9d878a308b86f171f0
-
Size
29KB
-
Sample
221002-2n1syadhc3
-
MD5
6c88fdfd801cfe06a1fb81f984cbd5d0
-
SHA1
8b119fa182a506690c1ca3b3cd94f78cab237ef9
-
SHA256
60011536b37b5e78b0f1a5af409690c79723e78ae4316b9d878a308b86f171f0
-
SHA512
e91770cc5eb862d4f64e6fdbb226d33a6144d78c72b78b878dd2e6de4e0dd512b8cfd3fa41afe79b1aabdd47c1bce3b90737fea6f5ba27a02120c4875fb89c5e
-
SSDEEP
768:3Qv/27NYsDkfZPoIqlHepBKh0p29SgRPf:Am7N143wEKhG29jPf
Malware Config
Extracted
njrat
0.6.4
HacKed
mhses.no-ip.biz:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
60011536b37b5e78b0f1a5af409690c79723e78ae4316b9d878a308b86f171f0
-
Size
29KB
-
MD5
6c88fdfd801cfe06a1fb81f984cbd5d0
-
SHA1
8b119fa182a506690c1ca3b3cd94f78cab237ef9
-
SHA256
60011536b37b5e78b0f1a5af409690c79723e78ae4316b9d878a308b86f171f0
-
SHA512
e91770cc5eb862d4f64e6fdbb226d33a6144d78c72b78b878dd2e6de4e0dd512b8cfd3fa41afe79b1aabdd47c1bce3b90737fea6f5ba27a02120c4875fb89c5e
-
SSDEEP
768:3Qv/27NYsDkfZPoIqlHepBKh0p29SgRPf:Am7N143wEKhG29jPf
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-