General
-
Target
2ae62c1be9736eb8820a9ab2b9b599807b0ddd23278e052823ee053f8d4fb863
-
Size
401KB
-
Sample
221002-2njvesdha6
-
MD5
6cbeabe00f98e2a1eb6c2159da8647c0
-
SHA1
14c51d82b59515780f06e7acea79898a1eb97e4b
-
SHA256
2ae62c1be9736eb8820a9ab2b9b599807b0ddd23278e052823ee053f8d4fb863
-
SHA512
d225078fd9a9caf65d96079febb069fb5dfe3dfe94df3f1a5e7a87180c409845c039c2f92ca2cb0ae40e6de64378d1b961131cef274ba7fe6026510f4c382786
-
SSDEEP
12288:sO7/LXS+Oyxq2pI9MslEBQlvDmlodEK6D:sODjvOJ2p07lEB0D5QD
Malware Config
Extracted
njrat
0.7d
HacKed
realhacker444.ddns.net:1177
b499b6c3b19405ce76b9bdafb1a7698e
-
reg_key
b499b6c3b19405ce76b9bdafb1a7698e
-
splitter
|'|'|
Targets
-
-
Target
2ae62c1be9736eb8820a9ab2b9b599807b0ddd23278e052823ee053f8d4fb863
-
Size
401KB
-
MD5
6cbeabe00f98e2a1eb6c2159da8647c0
-
SHA1
14c51d82b59515780f06e7acea79898a1eb97e4b
-
SHA256
2ae62c1be9736eb8820a9ab2b9b599807b0ddd23278e052823ee053f8d4fb863
-
SHA512
d225078fd9a9caf65d96079febb069fb5dfe3dfe94df3f1a5e7a87180c409845c039c2f92ca2cb0ae40e6de64378d1b961131cef274ba7fe6026510f4c382786
-
SSDEEP
12288:sO7/LXS+Oyxq2pI9MslEBQlvDmlodEK6D:sODjvOJ2p07lEB0D5QD
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-