General
-
Target
7916255e1713df00ed5e437a6b363f322059d171dc4dbdb335c759cb47eab75c
-
Size
23KB
-
Sample
221003-2t9yssbae3
-
MD5
51a36bce2022f66cdabb97df479bd850
-
SHA1
68397ef3c39c3a45c1e1837bf7da1f1c8fe421f3
-
SHA256
7916255e1713df00ed5e437a6b363f322059d171dc4dbdb335c759cb47eab75c
-
SHA512
ce0a17bf36f042ef5c43015980029787247e1eb1dd2c1e6f07f073a3a65e13e25199b0c5816a55e03c06ec566b499afb3c8f5bc54ef21c353b685328892c513a
-
SSDEEP
384:IKQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZ4+:8LL6MVU0NRpcnuk
Malware Config
Extracted
njrat
0.7d
HacKed
ad93.myq-see.com:1177
2100c8d153b7aee33b7df3db233ea562
-
reg_key
2100c8d153b7aee33b7df3db233ea562
-
splitter
|'|'|
Targets
-
-
Target
7916255e1713df00ed5e437a6b363f322059d171dc4dbdb335c759cb47eab75c
-
Size
23KB
-
MD5
51a36bce2022f66cdabb97df479bd850
-
SHA1
68397ef3c39c3a45c1e1837bf7da1f1c8fe421f3
-
SHA256
7916255e1713df00ed5e437a6b363f322059d171dc4dbdb335c759cb47eab75c
-
SHA512
ce0a17bf36f042ef5c43015980029787247e1eb1dd2c1e6f07f073a3a65e13e25199b0c5816a55e03c06ec566b499afb3c8f5bc54ef21c353b685328892c513a
-
SSDEEP
384:IKQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZ4+:8LL6MVU0NRpcnuk
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-