General
-
Target
f25392c066f5415339b577d577308279e318a015832a9560993a2e7edf0d3373
-
Size
93KB
-
Sample
221003-2txy8sbac9
-
MD5
50af32f41c22abf955a2f1116583ccc0
-
SHA1
000a7f9a8af1a0d165593cf1b4764f4b2ce53447
-
SHA256
f25392c066f5415339b577d577308279e318a015832a9560993a2e7edf0d3373
-
SHA512
355239639ad417df36d07934ba70e54a0e978454f4b8772b64166365bf3bcda5df86bf555a34eb44698543b94e94b8a9f9f20cadb08970821e8ae9033de0deff
-
SSDEEP
1536:ubytW3PcsuXg8Jw8AerxxZkASHjwxleHQPV6OHNPajCtq4hXoG9nxRcC0g2njpv6:syqcsuXgYw8vxRSHj28HQw8tZejPW5n
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
212683d986fb740ad6a40184df48e604
-
reg_key
212683d986fb740ad6a40184df48e604
-
splitter
|'|'|
Targets
-
-
Target
f25392c066f5415339b577d577308279e318a015832a9560993a2e7edf0d3373
-
Size
93KB
-
MD5
50af32f41c22abf955a2f1116583ccc0
-
SHA1
000a7f9a8af1a0d165593cf1b4764f4b2ce53447
-
SHA256
f25392c066f5415339b577d577308279e318a015832a9560993a2e7edf0d3373
-
SHA512
355239639ad417df36d07934ba70e54a0e978454f4b8772b64166365bf3bcda5df86bf555a34eb44698543b94e94b8a9f9f20cadb08970821e8ae9033de0deff
-
SSDEEP
1536:ubytW3PcsuXg8Jw8AerxxZkASHjwxleHQPV6OHNPajCtq4hXoG9nxRcC0g2njpv6:syqcsuXgYw8vxRSHj28HQw8tZejPW5n
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-