General
-
Target
c731c6f52d01da92c309ecc9a829ee60cd0f1d086fc9401d009f2544dad5b53a
-
Size
39KB
-
Sample
221002-2nk3gsdha7
-
MD5
70da8625832e735f849fe5f47a1c74a0
-
SHA1
2a2be89129db4d8ec8b20546f8d483afd73cb580
-
SHA256
c731c6f52d01da92c309ecc9a829ee60cd0f1d086fc9401d009f2544dad5b53a
-
SHA512
75995b207ff16adb5d6e38d097915e635987bd86e5de2a87479f9fc7095003da92ae47dcfe800c429b6fd68e5ccaac083e62fc922eb5fe37ee32231e2a933297
-
SSDEEP
768:KhszVZgHPC02NU/9xaooDQj4QWjExdMzVX1d4bj:KhsBZYq0KTo26/xCrdgj
Malware Config
Extracted
njrat
0.7d
mama
nassimben.ddns.net:7771
42c770b1825d53abeaba40d6b47fa5eb
-
reg_key
42c770b1825d53abeaba40d6b47fa5eb
-
splitter
|'|'|
Targets
-
-
Target
c731c6f52d01da92c309ecc9a829ee60cd0f1d086fc9401d009f2544dad5b53a
-
Size
39KB
-
MD5
70da8625832e735f849fe5f47a1c74a0
-
SHA1
2a2be89129db4d8ec8b20546f8d483afd73cb580
-
SHA256
c731c6f52d01da92c309ecc9a829ee60cd0f1d086fc9401d009f2544dad5b53a
-
SHA512
75995b207ff16adb5d6e38d097915e635987bd86e5de2a87479f9fc7095003da92ae47dcfe800c429b6fd68e5ccaac083e62fc922eb5fe37ee32231e2a933297
-
SSDEEP
768:KhszVZgHPC02NU/9xaooDQj4QWjExdMzVX1d4bj:KhsBZYq0KTo26/xCrdgj
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-