General
-
Target
ecbdeb109b58a37dd4bd5bca61fbe8dbd3d837cec68dd0b9d742bc228df0251c
-
Size
316KB
-
Sample
221002-n2j6fsfdal
-
MD5
6727a8e317070cc7a9af14a02cc2fb40
-
SHA1
c18c9606702b15f602f863cad6f08bc02882b3b1
-
SHA256
ecbdeb109b58a37dd4bd5bca61fbe8dbd3d837cec68dd0b9d742bc228df0251c
-
SHA512
2d583c48e2ee2a71ff936558ed84d6a088ae439dd93b03122b3ff8973b8ab0ca29857c09f3d5f93f98d9c2b6e0e5e83700a2a7052d4adb1d4c0cf72a03a55057
-
SSDEEP
6144:b3RycHq3Qk5kiKp65jpjD3Ho755oYw1fxMrPfSoRH9Bss3K6oAzwzi4N1fWc5v4n:FfHjk5kiKp65jpjD3Ho755oYw1fxMrPX
Malware Config
Extracted
njrat
0.7d
HacKed
oommaaww.no-ip.biz:5552
222fc9e36b3012c000f943c00109decb
-
reg_key
222fc9e36b3012c000f943c00109decb
-
splitter
|'|'|
Targets
-
-
Target
ecbdeb109b58a37dd4bd5bca61fbe8dbd3d837cec68dd0b9d742bc228df0251c
-
Size
316KB
-
MD5
6727a8e317070cc7a9af14a02cc2fb40
-
SHA1
c18c9606702b15f602f863cad6f08bc02882b3b1
-
SHA256
ecbdeb109b58a37dd4bd5bca61fbe8dbd3d837cec68dd0b9d742bc228df0251c
-
SHA512
2d583c48e2ee2a71ff936558ed84d6a088ae439dd93b03122b3ff8973b8ab0ca29857c09f3d5f93f98d9c2b6e0e5e83700a2a7052d4adb1d4c0cf72a03a55057
-
SSDEEP
6144:b3RycHq3Qk5kiKp65jpjD3Ho755oYw1fxMrPfSoRH9Bss3K6oAzwzi4N1fWc5v4n:FfHjk5kiKp65jpjD3Ho755oYw1fxMrPX
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-