General
-
Target
ff8f477d7ff5e9ae54c5ba80be1f1884773e7da8dccb737508adba85413326cc
-
Size
29KB
-
Sample
221002-ntdzgadec4
-
MD5
536d55f94c3a53510b6f088ac62c0980
-
SHA1
32ef91c30f8cde0426781761c0b4d86768e82ae4
-
SHA256
ff8f477d7ff5e9ae54c5ba80be1f1884773e7da8dccb737508adba85413326cc
-
SHA512
22f892cc91a83cc5a3c80830eb50d7baff7ac053f4ec491de7e0871d89457c4a53b7804a76cb7850133b10ed9e4f2772dbf199e22fb982d25dfcad20c2b28cee
-
SSDEEP
768:yj77ucYfKQTtzjAqc3eUBKh0p29SgRMy6:y7hWVUJZKhG29j96
Malware Config
Extracted
njrat
0.6.4
HacKed
setokaiba.no-ip.biz:1177
08f4dc96bbb7af09d1a37fe35c75a42f
-
reg_key
08f4dc96bbb7af09d1a37fe35c75a42f
-
splitter
|'|'|
Targets
-
-
Target
ff8f477d7ff5e9ae54c5ba80be1f1884773e7da8dccb737508adba85413326cc
-
Size
29KB
-
MD5
536d55f94c3a53510b6f088ac62c0980
-
SHA1
32ef91c30f8cde0426781761c0b4d86768e82ae4
-
SHA256
ff8f477d7ff5e9ae54c5ba80be1f1884773e7da8dccb737508adba85413326cc
-
SHA512
22f892cc91a83cc5a3c80830eb50d7baff7ac053f4ec491de7e0871d89457c4a53b7804a76cb7850133b10ed9e4f2772dbf199e22fb982d25dfcad20c2b28cee
-
SSDEEP
768:yj77ucYfKQTtzjAqc3eUBKh0p29SgRMy6:y7hWVUJZKhG29j96
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-