General
-
Target
a63052e40badaf042f39b30e70bb387f0d44d8a7e45d8e60163a69d8adb17bdf
-
Size
29KB
-
Sample
221002-pvlldafcc6
-
MD5
6f7f2f73bb2ad90002947f071f99a7b0
-
SHA1
b7d220382a73ebd5ba19f10dc41eef81eaab9342
-
SHA256
a63052e40badaf042f39b30e70bb387f0d44d8a7e45d8e60163a69d8adb17bdf
-
SHA512
b448a0fa09ed281e89267ce4fc42cfcb6546e44db3f6478c3a7bb7a44a61b872daf638adf151ce1db3a2befe77ff478a48f61ea18d6bae9f993f303b66e610cb
-
SSDEEP
384:XFpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzm:Xi7hoKoGJFNK4Aq1RehBKh0p29SgRdE
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
a63052e40badaf042f39b30e70bb387f0d44d8a7e45d8e60163a69d8adb17bdf
-
Size
29KB
-
MD5
6f7f2f73bb2ad90002947f071f99a7b0
-
SHA1
b7d220382a73ebd5ba19f10dc41eef81eaab9342
-
SHA256
a63052e40badaf042f39b30e70bb387f0d44d8a7e45d8e60163a69d8adb17bdf
-
SHA512
b448a0fa09ed281e89267ce4fc42cfcb6546e44db3f6478c3a7bb7a44a61b872daf638adf151ce1db3a2befe77ff478a48f61ea18d6bae9f993f303b66e610cb
-
SSDEEP
384:XFpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzm:Xi7hoKoGJFNK4Aq1RehBKh0p29SgRdE
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-