General
-
Target
b93964a24a76be614b5f938c93bd67dd1280ac10589e8cd7d7efe50e46bd2e96
-
Size
39KB
-
Sample
221002-l9f3naagb3
-
MD5
6c8428a6835c2f4a064087284ed79c80
-
SHA1
aba0d38fd50805873ffbeebf3e0bb4be61befacd
-
SHA256
b93964a24a76be614b5f938c93bd67dd1280ac10589e8cd7d7efe50e46bd2e96
-
SHA512
b08959b7fcd1bb748047f95bd04e3286a2b1c3d0aefdd4878c4cfdd3f754b11de1526de6d078bf8ffe3471a3b8dbf9d6c330bcd35ef9456377ca7226296fb1ab
-
SSDEEP
768:XGOy+4tZFblxitXM1vGelWw4+lDo1s3lMs+4coTzBo01+3VYmBYphQ:py+4tZFYM1DlWulDo1IA4co3B3+3JipS
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
212683d986fb740ad6a40184df48e604
-
reg_key
212683d986fb740ad6a40184df48e604
-
splitter
|'|'|
Targets
-
-
Target
b93964a24a76be614b5f938c93bd67dd1280ac10589e8cd7d7efe50e46bd2e96
-
Size
39KB
-
MD5
6c8428a6835c2f4a064087284ed79c80
-
SHA1
aba0d38fd50805873ffbeebf3e0bb4be61befacd
-
SHA256
b93964a24a76be614b5f938c93bd67dd1280ac10589e8cd7d7efe50e46bd2e96
-
SHA512
b08959b7fcd1bb748047f95bd04e3286a2b1c3d0aefdd4878c4cfdd3f754b11de1526de6d078bf8ffe3471a3b8dbf9d6c330bcd35ef9456377ca7226296fb1ab
-
SSDEEP
768:XGOy+4tZFblxitXM1vGelWw4+lDo1s3lMs+4coTzBo01+3VYmBYphQ:py+4tZFYM1DlWulDo1IA4co3B3+3JipS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-