General
-
Target
fe781b6cfe1fe882950c64424e6e1902dfc5b80409b35b0f41f8d9945768bde9
-
Size
23KB
-
Sample
221002-k3rp5shhgk
-
MD5
649cafc90ae690628f9fb8872ef35100
-
SHA1
891b3870948a566f4734a0cc0037498a61ae0802
-
SHA256
fe781b6cfe1fe882950c64424e6e1902dfc5b80409b35b0f41f8d9945768bde9
-
SHA512
77840a1f41d0584811e6700b496afb838368cb5a8adb8dc364c04374d1d67ed7f1f9992250f94e64f05193e21823e3448414c1b58ab2cc99dbe487494d920ea7
-
SSDEEP
384:x4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZDTE:9OaxVULRpcnukI
Malware Config
Extracted
njrat
0.7d
HacKed
arabfucktania.no-ip.info:1177
a24d2c631f4d4534ac110043701abe33
-
reg_key
a24d2c631f4d4534ac110043701abe33
-
splitter
|'|'|
Targets
-
-
Target
fe781b6cfe1fe882950c64424e6e1902dfc5b80409b35b0f41f8d9945768bde9
-
Size
23KB
-
MD5
649cafc90ae690628f9fb8872ef35100
-
SHA1
891b3870948a566f4734a0cc0037498a61ae0802
-
SHA256
fe781b6cfe1fe882950c64424e6e1902dfc5b80409b35b0f41f8d9945768bde9
-
SHA512
77840a1f41d0584811e6700b496afb838368cb5a8adb8dc364c04374d1d67ed7f1f9992250f94e64f05193e21823e3448414c1b58ab2cc99dbe487494d920ea7
-
SSDEEP
384:x4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZDTE:9OaxVULRpcnukI
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-