General
-
Target
a042ebd200961961b486b39c5fb6cf7b27c28eeb1f071c8bc77cddc21b273e2c
-
Size
78KB
-
Sample
221003-a82r7abbfp
-
MD5
65801ee322295adee592540bd1cbc470
-
SHA1
022de8d3fc0765b55dbf8af76cb5e5dd347e8e81
-
SHA256
a042ebd200961961b486b39c5fb6cf7b27c28eeb1f071c8bc77cddc21b273e2c
-
SHA512
89ef9b1e069916ec26fc8cd564b28afba30fe2a6dae07c7b06231501201e10cce623324e6a5fae3edc816d01cdab05c3aa0588aba64d93712b74d5785b794ad3
-
SSDEEP
1536:y4xezRy3hznqnFuSKkTHvDtcArxz2mCjZ+WwdU8HBsodO22aD:y4xezMWFuKPDBdzdLHBsodO22aD
Malware Config
Extracted
njrat
0.7d
HacKed
narutohacker2213.ddns.net:5190
2591884f286c1e789ae45f6cf3f86751
-
reg_key
2591884f286c1e789ae45f6cf3f86751
-
splitter
|'|'|
Targets
-
-
Target
a042ebd200961961b486b39c5fb6cf7b27c28eeb1f071c8bc77cddc21b273e2c
-
Size
78KB
-
MD5
65801ee322295adee592540bd1cbc470
-
SHA1
022de8d3fc0765b55dbf8af76cb5e5dd347e8e81
-
SHA256
a042ebd200961961b486b39c5fb6cf7b27c28eeb1f071c8bc77cddc21b273e2c
-
SHA512
89ef9b1e069916ec26fc8cd564b28afba30fe2a6dae07c7b06231501201e10cce623324e6a5fae3edc816d01cdab05c3aa0588aba64d93712b74d5785b794ad3
-
SSDEEP
1536:y4xezRy3hznqnFuSKkTHvDtcArxz2mCjZ+WwdU8HBsodO22aD:y4xezMWFuKPDBdzdLHBsodO22aD
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-