General
-
Target
b1a3c81101a64476b401a8889c4a2280a5a4e591bb4e5d184074934fade23c48
-
Size
194KB
-
Sample
221003-a512gsbadn
-
MD5
67ca864acaba6a7e02502538cc497760
-
SHA1
3cb2eaa09e9ae1ae64451fe7745d83118cfcdd6d
-
SHA256
b1a3c81101a64476b401a8889c4a2280a5a4e591bb4e5d184074934fade23c48
-
SHA512
2b32bcf490129f4e7a92987f6775b45fbab74377ed57d7d89a38136026459063df0ed43ef38da72610ecff3733a88ce144f3713391ea1278114729241f847244
-
SSDEEP
1536:jfIshKRWuWIzbouo8I0JyT3zYX9j1oJYVyyT:jIs808ouoh0YTDy9j1o
Malware Config
Extracted
njrat
0.7d
HacKed
chromehost.ddns.net:200
c96ffc7155e33bdb2e471b2aad6e0049
-
reg_key
c96ffc7155e33bdb2e471b2aad6e0049
-
splitter
|'|'|
Targets
-
-
Target
b1a3c81101a64476b401a8889c4a2280a5a4e591bb4e5d184074934fade23c48
-
Size
194KB
-
MD5
67ca864acaba6a7e02502538cc497760
-
SHA1
3cb2eaa09e9ae1ae64451fe7745d83118cfcdd6d
-
SHA256
b1a3c81101a64476b401a8889c4a2280a5a4e591bb4e5d184074934fade23c48
-
SHA512
2b32bcf490129f4e7a92987f6775b45fbab74377ed57d7d89a38136026459063df0ed43ef38da72610ecff3733a88ce144f3713391ea1278114729241f847244
-
SSDEEP
1536:jfIshKRWuWIzbouo8I0JyT3zYX9j1oJYVyyT:jIs808ouoh0YTDy9j1o
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-