General
Target: fe9fc2ade7b749dd526e675e318e95963a3ecf856689458edf0ed37f29d78d4a
Size: 205KB
Sample: 221002-nttpxsehgj
MD5: 6b817df19fb115997b8f6601a8aae600
SHA1: bd099f7e50b762c62bf4e8196b11fa30f209cc85
SHA256: fe9fc2ade7b749dd526e675e318e95963a3ecf856689458edf0ed37f29d78d4a
SHA512: f7d8298aec68e43e6b0c309c7e633f3465020b697adfcd25c2fa619f9483bf2c4cb309aecba10d480d03cc50ff6e706f5423a911c36857bb127c14c781afc47a
SSDEEP: 3072:N0g1eTQqYQW7idRF1MzdTxNbtF3/CGaqW8GurHKnTMPbcpp:N0gbHwF1udlZT6G1Wbuzy6bq
Static task: static1
Behavioral task: behavioral1
Sample: fe9fc2ade7b749dd526e675e318e95963a3ecf856689458edf0ed37f29d78d4a.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: fe9fc2ade7b749dd526e675e318e95963a3ecf856689458edf0ed37f29d78d4a.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
njrat
0.7d
HacKed
emew.no-ip.info:9696
90cd23ba67e7e9682670983e066df085
reg_key: 90cd23ba67e7e9682670983e066df085
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Drops desktop.ini file(s)