General
-
Target
b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9
-
Size
23KB
-
Sample
221002-2n4jtsdhc6
-
MD5
67acdbca7c72d3969a549c414d18d630
-
SHA1
28bb308476aa7b3f6ac8d5299a0e70bcb8b5dcfc
-
SHA256
b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9
-
SHA512
5e284da79589178d6e62c2863e611cb8ac6b4bde653613bf5f227a5f9a59e29dc4c4fe9bc3a438ed4580538bda0d768a66e048f3bd4b6577bc79ad6472e328a7
-
SSDEEP
384:rcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZaR:w30py6vhxaRpcnuB
Malware Config
Extracted
njrat
0.7d
HacKed
riad1.no-ip.biz:1177
5715416fef0cb3c7ac9c48f716dce43b
-
reg_key
5715416fef0cb3c7ac9c48f716dce43b
-
splitter
|'|'|
Targets
-
-
Target
b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9
-
Size
23KB
-
MD5
67acdbca7c72d3969a549c414d18d630
-
SHA1
28bb308476aa7b3f6ac8d5299a0e70bcb8b5dcfc
-
SHA256
b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9
-
SHA512
5e284da79589178d6e62c2863e611cb8ac6b4bde653613bf5f227a5f9a59e29dc4c4fe9bc3a438ed4580538bda0d768a66e048f3bd4b6577bc79ad6472e328a7
-
SSDEEP
384:rcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZaR:w30py6vhxaRpcnuB
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-