General
-
Target
90813b01b1394e0e3acc359bdaaacf55834c911f130791a7673a4e117c585d20
-
Size
475KB
-
Sample
221002-2n4vlafchk
-
MD5
766df35dadb36b285c00d1503dc3c880
-
SHA1
fcfc45d62ab889d07e87e59cf3848cee53bc2386
-
SHA256
90813b01b1394e0e3acc359bdaaacf55834c911f130791a7673a4e117c585d20
-
SHA512
a20437d97c119087f3f9490ff7e0c378c85506a813f4df7b09f8d7fdfd375dc1c0ea9b741ba51b9767df3ee840709eb7473a95854829365072514c2314e423dc
-
SSDEEP
6144:b1dlZro5yadDhzSwx+5u+8FMSj2624xd7GHfdhopx3Z21sTsVgYwD:b1dlZo5yazV+5yF3Qs7GWtZdsBq
Malware Config
Extracted
njrat
0.7d
HacKed
zarrouki2015.ddns.net:1177
cbee1b9489a26b48b405599ee92e65a4
-
reg_key
cbee1b9489a26b48b405599ee92e65a4
-
splitter
|'|'|
Targets
-
-
Target
90813b01b1394e0e3acc359bdaaacf55834c911f130791a7673a4e117c585d20
-
Size
475KB
-
MD5
766df35dadb36b285c00d1503dc3c880
-
SHA1
fcfc45d62ab889d07e87e59cf3848cee53bc2386
-
SHA256
90813b01b1394e0e3acc359bdaaacf55834c911f130791a7673a4e117c585d20
-
SHA512
a20437d97c119087f3f9490ff7e0c378c85506a813f4df7b09f8d7fdfd375dc1c0ea9b741ba51b9767df3ee840709eb7473a95854829365072514c2314e423dc
-
SSDEEP
6144:b1dlZro5yadDhzSwx+5u+8FMSj2624xd7GHfdhopx3Z21sTsVgYwD:b1dlZo5yazV+5yF3Qs7GWtZdsBq
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-